#
b13c0e1a |
| 27-Sep-2020 |
AdaKaleh <31895292+adakaleh@users.noreply.github.com> |
Improve auth_browseruid()
As discussed in https://forum.dokuwiki.org/d/18284-dont-store-ip-addresses/5
- remove the deprecated HTTP_ACCEPT_CHARSET
- add HTTP_ACCEPT_LANGUAGE
- add HTTP_ACCEPT_ENCODING
- add HTTP_ACCEPT
- use half of the IP address
- add support for IPv6
- use SHA256 instead of MD5
Also:
- remove `$uid = strtolower($uid)`, as it doesn't seem to help
|
#
46028c4c |
| 04-Jun-2020 |
Andreas Gohr <andi@splitbrain.org> |
Move defines to their own file
As described in https://github.com/dwp-forge/columns/issues/5#issuecomment-638467603 sometimes the Lexer constants have not been (auto)loaded when a syntax plugin is invoked (I'm not sure why).
In general PSR2 discourages a mix of main code and function/class setup with the call to define() being considered main code.
This patch moves these define calls to a separate new file, solving both of the above problems.
These are not all our defines. Instead I focused on the ones that are ENUM-like.
In the future we should think about what defines can be replaced by class constants and what other define() calls should be moved.
|
#
10396f77 |
| 12-May-2020 |
Andreas Gohr <andi@splitbrain.org> |
use serialized cache key for isAdmin/isManager cache
This avoids potential collisions.
|
#
96348f27 |
| 11-May-2020 |
Andreas Gohr <andi@splitbrain.org> |
Cache results of isAdmin and isManager
isAdmin() is called within the ACL check (and probably various other places in DokuWiki core). In a Wiki with lots of ACL checks (most noticeable with the indexmenu) and users with a lot of groups (as typical in corporate ActiveDirectory environments) this check can take a significant portion of the time of a request time doing exactly the same thing again and again.
This introduces a static request level cache for the result of the isAdmin and isManager checks based on the requested user and groups.
A new parameter allows to skip the cache, though I don't think there should be a good reason to skip the cache except for testing purposes.
|
#
81e99965 |
| 10-Mar-2020 |
Phy <git@phy25.com> |
fallback to auth_login check when trustExternal returns null
This is a work based on #2701. Before this patch, it is either fully external, or fully internal (and DokuWiki's auth cookie mechanism is used in auth_login()). I believe we should provide plugin developers with a third state as output. Semantically $auth->trustExternal() === null to delegate auth flow back to DokuWiki makes sense to me - like no external auth result is returned, so we need to run internal auth flow.
Co-Authored-By: paweljasinski <paweljasinski@users.noreply.github.com>
|
#
3e9ae63d |
| 01-Dec-2019 |
Phy <git@phy25.com> |
PHP8 fix part 3: Trying to access array offset on value of type bool/null
|
#
06f34f54 |
| 01-Dec-2019 |
Phy <git@phy25.com> |
PHP8 fix part 2: Trying to access array offset on value of type bool/null
|
#
2401f18d |
| 30-Oct-2019 |
Syntaxseed <825423+syntaxseed@users.noreply.github.com> |
Fix curly brace syntax. PHP 7.3 deprecations in inc/ directory.
|
#
43f71e05 |
| 19-Oct-2019 |
sdavis80 <sddev@dvscat.com> |
updated inc/auth.php
Updated the auth_pwgen password generator order to letters + special character + number so that the password will not end with a comma, full stop or other special character.
For example bacdefgih.15 instead of bacdefgih15.
|
#
b47790f9 |
| 14-Jul-2019 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'utf8refactor' into psr2
* utf8refactor: replaced deprecated utf8 functions formatting cleanup mark old utf8 functions deprecated Some cleanup for the UTF-8 stuff Moved all utf8 methods to their own namespaced classes Create separate table files for UTF-8 handling
|
#
2b9c4a05 |
| 14-Jul-2019 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'master' into psr2
* master: (34 commits) fix color for noninstalled extensions show disabled extensions in gray warn about inaccessible repo api bugfix: access check was never cached First go on a CLI component for the extension manager use strict type comparison translation update translation update fix #dokuwiki__sitetools current item not in highlight due to Greebo change authplain: Add tests for group retrieval authplain: Add a simple method for retrieving user groups translation update Negative string offsets are allowed in PHP 7.1+ only improve memory check output fix and test php_to_byte() related to #2756 #2556 translation update translation update translation update translation update translation update ...
|
#
8cbc5ee8 |
| 10-Jun-2019 |
Andreas Gohr <andi@splitbrain.org> |
replaced deprecated utf8 functions
For now this uses full qualified namespaces, sensible imports may come later.
|
#
820934dc |
| 19-May-2019 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'psr2-pluginredux' into psr2
* psr2-pluginredux: Minor optimizations in PluginController Snake to Camel case fixes in PluginController Fix snake->camel case, doc blocks minor code simplification snake to camel case fixes in EventHandler Move list of plugin types to plugin controller constant Avoid accessing the event system before it's initialized Avoid processing events before the Event System is initialized isEnabled instead of isDisabled removed get_directory() method from PluginController fix type hints moved plugin controller to Extension namespace removed deleted file from autoloader deprecated trigger_event() in favor of a static method on Event First go at moving the plugin classes into their own namespace
|
#
75d66495 |
| 20-Apr-2019 |
Michael Große <mic.grosse@googlemail.com> |
♻️ Don't use deprecated subscription methods
|
#
3a7140a1 |
| 15-Jun-2018 |
Andreas Gohr <andi@splitbrain.org> |
moved plugin controller to Extension namespace
|
#
cbb44eab |
| 15-Jun-2018 |
Andreas Gohr <andi@splitbrain.org> |
deprecated trigger_event() in favor of a static method on Event
|
#
e1d9dcc8 |
| 15-Jun-2018 |
Andreas Gohr <andi@splitbrain.org> |
First go at moving the plugin classes into their own namespace
|
#
c3cc6e05 |
| 06-Mar-2019 |
Andreas Gohr <andi@splitbrain.org> |
PSR2 adjustments for the PassHash class
I opted for ignoring the camel case function check not because the public hash_* methods are widely used but because I find this style actually cleaner in this case where the method name is auto-built from the hash type name.
|
#
102cdbd7 |
| 15-Sep-2018 |
LarsGit223 <lars_paulsen@web.de> |
Auth/Mailer: properly handle usernames including a comma
Prevent splitting of e-mail addresses at the wrong point by enclosing a username in '"'. The "To" e-mail address in the notification mail was malformed if a new user was added and included a ',' in its name. Fixes #1569.
|
#
b4f2363a |
| 27-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
remove DOKU_INC checks
There is no need for this check, since these files should not have any main code that is executed on direct call.
Fixes PSR1.Files.SideEffects.FoundWithSymbols
|
#
fe745bec |
| 19-Mar-2018 |
Michael Große <grosse@cosmocode.de> |
tests: use non-empty string for static salt
As pointed out by @klap-in, an empty string may evaluate to false in some circumstances. This is something we may not want. Using a string like 'test' should therefore be more robust.
|
#
a1fe3c9c |
| 30-Jan-2018 |
Michael Große <grosse@cosmocode.de> |
feat: make auth salt static in test environments
There are circumstances where we may want to test generated content that uses the auth salt, for example when one tests the rendering of external images where the url contains a token from media_get_token
|
#
f8b1e4e7 |
| 04-Apr-2017 |
Andreas Gohr <andi@splitbrain.org> |
use 403 response on bad logins. closes #1937
|
#
114248c7 |
| 30-Nov-2016 |
Andreas Gohr <gohr@cosmocode.de> |
Merge branch 'master' into phpseclib
* master: (54 commits) updated geshi authpdo - use type safe comparison on passwords. fixes #1765 removed unneeded files from random_compat Use cryptographically secure pseudo random number generator (CSPRNG) translation update translation update translation update translation update translation update or maybe I only now figured out the right travis config :-/ disable 7.1 testing completely allow 7.1 failures until it's released #1682 DE translation for key 'protected' Use 'Benachrichtigung' instead of 'Notifikation' Fix spelling of some terms (lower to upper case) DE translation for key: addUser_error_missing_pass DE translation for keys: update_name, update_mail translation update translation update Implemented interwiki substitution for external images (issue #1614). ...
|
#
7a33d2f8 |
| 20-Nov-2016 |
Niklas Keller <me@kelunik.com> |
Use cryptographically secure pseudo random number generator (CSPRNG)
Uses paragonie/random_compat instead of insecure home-brewed code.
It's NEVER fine to fall back to mt_rand() for secure random.
Fixes #1760.
|