| #
7e687fd8 |
| 29-May-2026 |
Andreas Gohr <andi@splitbrain.org> |
fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to
fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
show more ...
|
| #
093fe67e |
| 07-Mar-2026 |
Andreas Gohr <andi@splitbrain.org> |
updated rector and applied it
|
| #
9349c09b |
| 25-Sep-2023 |
Gerrit Uitslag <klapinklapin@gmail.com> |
minor refactor
|
| #
adf3f0ad |
| 24-Sep-2023 |
Gerrit Uitslag <klapinklapin@gmail.com> |
update Recent as well
|
| #
71951841 |
| 24-Sep-2023 |
Gerrit Uitslag <klapinklapin@gmail.com> |
deprecate parseChangelogLine()
It was already replace in code, replaced in unit test as well.
|
| #
d4f83172 |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
code style: line breaks
|
| #
90fb952c |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
code style: operator spacing
|
| #
7a08a8bc |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
code style: inc/dec spacing
|
| #
4b230b99 |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
code style: indent fixes
|
| #
177d6836 |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
coding style: control flow whitespaces
|
| #
d868eb89 |
| 30-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
codestyle adjustments: function declaration braces/spaces
|
| #
24870174 |
| 29-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
Apply rector fixes to the rest of inc
|
| #
35bad86a |
| 04-Aug-2022 |
TherealperO <110610509+TherealperO@users.noreply.github.com> |
Update changelog.php
Change so `$x['media']` is always set to either true or false. This so in Recent.php `$recent['media']` is never null and won't cause undefined array key error in PHP8.
|
| #
eeda7ada |
| 23-Jan-2022 |
Gerrit Uitslag <klapinklapin@gmail.com> |
some spelling
|
| #
79a2d784 |
| 05-Jan-2022 |
Gerrit Uitslag <klapinklapin@gmail.com> |
import classes, replace dbglog, simplify, remove unused statements, and other warnings from IntelliJ
update phpdocs,
rename dokuwiki/Ui/Draft to PageDraft
|
| #
69f9b481 |
| 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
add dbg_deprecated()
|
| #
7fba736b |
| 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
update metadata of changed page in PageFile class
|
| #
1d11f1d3 |
| 06-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
ChangeLogTrait
- move ChangeLog low level methods into trait
- static ChangeLog::parseLogLine() replaces parseChangeLogLine()
- new ChangeLog::buildLogLine()
|
| #
c7192766 |
| 04-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
new method ChangeLog::addLogEntry()
rewrite `detectExternalEdit()` in inc/common.php
|
| #
6527839f |
| 01-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
typo
|
| #
252acce3 |
| 23-Oct-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
coding style of functions using ChangeLog
|
| #
b5f312c1 |
| 16-Oct-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
remove DOKU_CHANGE_TYPE_EXTERNAL_DELETE
|
| #
5d9428a0 |
| 26-Sep-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
WIP: handle External Deletion using time() for dummy rev number
|
| #
facfe250 |
| 14-Sep-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
external edits in changelog for images
|
| #
63f13cad |
| 06-Feb-2021 |
Damien Regad <dregad@mantisbt.org> |
Fixed typos
|