#
0f4f4adf |
| 25-Jun-2007 |
Andreas Gohr <andi@splitbrain.org> |
degrade to unauthed user when auth backend unavailable FS#1168
Instead of disabling the whole ACL feature when the auth backend is unavailable just degrade the user to an anonymous user.
darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz
|
#
4b1a4e04 |
| 03-Jun-2007 |
Andreas Gohr <andi@splitbrain.org> |
never use full URL in cookie paths FS#1146
Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless of the used canonical setting.
darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz
|
#
4c989037 |
| 28-May-2007 |
Chris Smith <chris@jalakai.co.uk> |
Partial Fix FS#1085
This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication information is rechecked. The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned about security should set this value to 0.
DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session. Normally these values are compared on each page visit. If the comparison passes the user is accepted. The same data will be used over and over until either the cookie or the session expires. FS#1085 is concerned with updates to the original authentication data not being able to affect this comparison. The new 'auth_security_timeout' setting will force expiration of the saved data after the specified period has elapsed.
Re-authentication may affect page response, especially on systems which use remote authentication systems.
This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class to allow those mechanisms which are able to control when DW should revoke authentication.
darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz
|
#
f8cc3354 |
| 02-Mar-2007 |
Guy Brand <gb@isis.u-strasbg.fr> |
Fix broken if in previous patch
darcs-hash:20070302100506-19e2d-342a0477340aa6b2c5fb7e08c520053b7dc33608.gz
|
#
a8fe108b |
| 01-Mar-2007 |
Guy Brand <gb@isis.u-strasbg.fr> |
Allow @USER@ variable in ACLs
This saves a lot of ACL lines for users namespaces for example:
users:* @ALL 1
users:@USER@ @USER@ 8
darcs-hash:20070301230309-19e2d-90a00b70a2af546fd5194ade614c130e9f7864eb.gz
|
#
31784267 |
| 06-Jan-2007 |
Andreas Gohr <andi@splitbrain.org> |
make sure cachekey is a string in auth_nameencode FS#1000
darcs-hash:20070106122851-7ad00-9b3b2923e2f917107b29c4dacfc1047b2845a5db.gz
|
#
f112c2fa |
| 09-Jan-2007 |
Andreas Gohr <andi@splitbrain.org> |
Check cookie auth data silently
darcs-hash:20070109213155-7ad00-9594bbf5c0730221b46f31bb40f31997a09ab4b4.gz
|
#
f8cc712e |
| 03-Dec-2006 |
Andreas Gohr <andi@splitbrain.org> |
manager user/group
This patch adds support for a manager option as suggested in http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html
darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325c7e77255e1eee32d0f6b.gz
|
#
88e6a4f2 |
| 14-Nov-2006 |
Andreas Gohr <andi@splitbrain.org> |
HTML_EDITFORM_INJECTION event added
A simple event to inject additional HTML into the editform. This probably needs to be improved.
darcs-hash:20061114220825-7ad00-ce868b8d8a25f5120c49dc018b8fd1024aff6e12.gz
|
#
16470b1d |
| 04-Nov-2006 |
chris <chris@jalakai.co.uk> |
add standard username cleaning to resend password (fixes bug#961)
darcs-hash:20061104174349-9b6ab-74e7c5a3e7a14d12253d36a9d09a35866125a7ec.gz
|
#
54f0e6ea |
| 03-Nov-2006 |
Andreas Gohr <andi@splitbrain.org> |
don't allow commas in full name registration FS#960
darcs-hash:20061103160700-7ad00-01c7039c591ebdffcbe283984b23b2bb4ed4bc74.gz
|
#
e71ce681 |
| 03-Oct-2006 |
Andreas Gohr <andi@splitbrain.org> |
use DOKU_URL as key for sessions and auth cookie #896 #581 #884
This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define. DOKU_COOKIE is now used as session key as well, making sessions no longer dependent on the title option. This should fix problems with multiple wikis on the same host (using the same title) and wikis accessed through different URLs.
darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
|
#
bb4866bd |
| 23-Sep-2006 |
chris <chris@jalakai.co.uk> |
minor bugfix and boring error removal
darcs-hash:20060923203609-9b6ab-ecca679faa254a29772868508050fcf3206b0814.gz
|
#
a424cd8e |
| 23-Sep-2006 |
chris <chris@jalakai.co.uk> |
add authname memory cache
actions which concern multiple pages (e.g. search, backlinks, recents) end up repeatedly encoding the current user's name and groups. This change caches the results of the encoding allowing them to be reused.
darcs-hash:20060923161206-9b6ab-a3ec8f1c2ec284d84b9ff85cba1e56165b2967a7.gz
|
#
ebf97c8f |
| 06-Sep-2006 |
Andreas Gohr <andi@splitbrain.org> |
move AUTH defines higher up
This moves the defines for the different AUTH levels higher up in inc/auth.php to set them before including any auth modules. This fixes a problem with the phpBB auth module posted at http://wiki.splitbrain.org/wiki:tips:integrate_with_phpbb#another_phpbb.class.php
darcs-hash:20060906184814-7ad00-679bd636730e21dca45b9baaf721fb3b34a8695a.gz
|
#
02a498e7 |
| 22-Aug-2006 |
chris <chris@jalakai.co.uk> |
bug #876, additional data for new user notification email
This patch updates only the English version of the localised "registermail.txt" file. Other versions need to be updated also.
darcs-hash:20060822072444-9b6ab-ff6cb5bc78277c383e82c3986eeb16168e86c27b.gz
|
#
742c66f8 |
| 09-Aug-2006 |
chris <chris@jalakai.co.uk> |
more unit test fixes
- move parser.test.php
darcs-hash:20060809192115-9b6ab-973fea51fbfdcf5f44a2ac66000f2ccb5fdd43b4.gz
|
#
bbbd6568 |
| 05-Aug-2006 |
Andreas Gohr <andi@splitbrain.org> |
fixed auth problem introduced in last unittest fix
darcs-hash:20060805163147-7ad00-77e7d9cd88f012cd2ecc6275a574abde30f4a9be.gz
|
#
4a26ad85 |
| 05-Aug-2006 |
chris <chris@jalakai.co.uk> |
more unittest updates
darcs-hash:20060805082442-9b6ab-8447755da8c66c5cfc3ee0df0f8bb97375a2a1ff.gz
|
#
03c4aec3 |
| 04-Aug-2006 |
chris <chris@jalakai.co.uk> |
unittest fixes
darcs-hash:20060804142243-9b6ab-d208f7f1a67a9958fda05c519c8407ad5e733cea.gz
|
#
1d5856cf |
| 14-Jul-2006 |
Andreas Gohr <andi@splitbrain.org> |
two-stage password reset
This patch changes the password reset function to a two-stage process. After requesting a new password, a confirmation email is sent first; only if the link contained in this mail is used is the password changed for real.
This makes sure malicious people can't reset passwords for other users.
darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz
|
#
409d7af7 |
| 02-Jul-2006 |
Andreas Gohr <andi@splitbrain.org> |
disableactions support
This patch adds a config option to disable certain internal action commands of DokuWiki's main dispatcher.
The options resendpasswd and openregister were removed because they can now be set through this new option.
The config plugin needs to be adjusted.
darcs-hash:20060702121622-7ad00-1e80e77bcfb0ae561fe7abd79cfbe1bb158be720.gz
|
#
a06e4bdb |
| 15-Jun-2006 |
Sebastian Harl <sh@tokkee.org> |
register notify #826
A small patch for dokuwiki which enables dokuwiki to notify the administrator about new user registrations
darcs-hash:20060615194419-022eb-51630aff3c6d93abc656742fc0bc723b93f97734.gz
|
#
11d989c3 |
| 31-May-2006 |
Andreas Gohr <andi@splitbrain.org> |
XSS bugfix #820
darcs-hash:20060531191114-7ad00-ee7498f6a9e047fc9eda5f8754f85d9b8a3317d5.gz
|
#
1e8c9c90 |
| 07-May-2006 |
Andreas Gohr <andi@splitbrain.org> |
optionally use HTTP credentials to log in
If no credentials were given (either by form or former cookie) it is checked if credentials from a former HTTP based authentication are available. Those will be tried for login then.
This only works with PHP running as Apache module.
darcs-hash:20060507161224-7ad00-7ba0a6e871cf5319038e83672a2ff05ef23c124b.gz
|