Don't check for CSRF attacks when no user is logged in FS#1619

Ignore-this: 3ef4fafa34a7bbba76435b5db6935b57

There is no need to fight against a privilege stealing attack when the
attacked user has

Don't check for CSRF attacks when no user is logged in FS#1619

Ignore-this: 3ef4fafa34a7bbba76435b5db6935b57

There is no need to fight against a privilege stealing attack when the
attacked user has no privileges.

Skipping the check reenables editing without cookies again.

darcs-hash:20090527112243-7ad00-c1acd3161ececf3d922d5842033cb7d3f1910a16.gz

show more ...

fixed a spam check hole FS#1620 and made the wordblock check more flexible

Ignore-this: 74d18220baea88b5826d46c78998fa04

darcs-hash:20090526120748-7ad00-b3a0bddc53ba3c6c3b824cfbed15450cc0ec406e.gz

check if $auth is set in editorinfo() FS#1636

darcs-hash:20090306185717-7ad00-64bc35049667483988dcc3f5b8128f8a5f7f8fe7.gz

do not close session in auth_logoff FS#1519

Ignore-this: b30b94c67baa8a8916dd216424e9473c

As auth_logoff is called very early for all not-logged in users it
prevented writing the breadcrumbs and mi

do not close session in auth_logoff FS#1519

Ignore-this: b30b94c67baa8a8916dd216424e9473c

As auth_logoff is called very early for all not-logged in users it
prevented writing the breadcrumbs and might have broken some other
things relying on a open session at beginning of the script.

auth_logoff now makes sure the session is open but will not close
it.

Additionally the session is now explicitly closed before a redirect.

darcs-hash:20090210100257-7ad00-50470f18edb9fdbeb555fbf5d8a470a3b077915d.gz

show more ...

Work around IIS bug for redirects FS#1576

Ignore-this: 37b33f575e4c0b31e4af93185bf74f0f

When IIS is running PHP in CGI mode it will not send cookie headers on 302
redirections. This is a known bug

Work around IIS bug for redirects FS#1576

Ignore-this: 37b33f575e4c0b31e4af93185bf74f0f

When IIS is running PHP in CGI mode it will not send cookie headers on 302
redirections. This is a known bug (KB176113).

This patch will detect affected servers. Instead of a 302 redirect a Refresh:
header is issued. This is supported by all known browsers should have the same
effect as a real redirect.

darcs-hash:20090127204506-7ad00-ce474f3b0db003e86e09d5e9a9bd7c96887ac01c.gz

show more ...

Media changelog added

There is a new media changelog now, with the flag RECENTS_MEDIA_CHANGES media changes can be requested from the getRecents()-function or the new getRecentsSince()-function, tha

Media changelog added

There is a new media changelog now, with the flag RECENTS_MEDIA_CHANGES media changes can be requested from the getRecents()-function or the new getRecentsSince()-function, that returns all changes since a given timestamp and optionally before a given timestamp. The media upload and the XML-RPC-server have been changed to use these functions.

Additionally, the event MEDIA_UPLOAD_FINISH has been extended, it has a new $data-attribute (the 5th), that contains a boolean if the file does already exist and will be overwritten.

darcs-hash:20090118154345-074e0-5d9a90d269e86d8c6a156ecce5cf63115c827433.gz

show more ...

removed some illogical path setups

darcs-hash:20081213090400-7ad00-4e21cd75978bb07513f32f5d750658e8d777c59e.gz

FS#630: allow $conf['useheading'] to individually apply to content links and/or navigation links

$conf['useheading'] values are now:
- 0 : off, use page name in link text
- 'content' :

FS#630: allow $conf['useheading'] to individually apply to content links and/or navigation links

$conf['useheading'] values are now:
- 0 : off, use page name in link text
- 'content' : use first heading text for links in wiki page content
- 'navigation' : use first heading text for links in non-page content, e.g. breadcrumps, backlinks, search results, etc.
- 1 : use first heading text in all links
(for backwards compatibility, any other values are mapped to 0 or 1 by empty() function.)

$conf['useheading'] value should now be checked using the useHeading($linktype) function,
where linktype can be "content" or "navigation"

darcs-hash:20081119140758-f07c6-6e26456d50dcecc949fada31b0d4e72877fde1cc.gz

show more ...

moved crop/resize functions out of fetch.php for reusability

darcs-hash:20081026135833-23886-a9c8e910571c6e7a4e1603a2ebd365b3ed37108a.gz

more placeholders for namespace templates

This patch adds a @FILE@ placeholder for namespace templates which is similar
to the @PAGE@ placeholder but keeps underscores intact. It also adds
placehold

more placeholders for namespace templates

This patch adds a @FILE@ placeholder for namespace templates which is similar
to the @PAGE@ placeholder but keeps underscores intact. It also adds
placeholder to insert the page name with a first uppercase character, all words
uppercased or the whole string uppercased.

The utf8 library was enhanced with utf8_ucfirst and utf8_ucwords functions

darcs-hash:20081026084239-7ad00-1a4be6bb85280df025ca308d4ed2e50da1cbc9cf.gz

show more ...

Avoid editing sections of outdated pages FS#1513

darcs-hash:20081016181955-7ad00-5745635416542fd04dbdf67cbf043bf446e995bc.gz

don't send subscriber mails to the editor herself FS#1450

darcs-hash:20081012212826-7ad00-0027ac926fdaa413521704536465bb83938a4366.gz

Fix IPv4 regexp and add IPv6 regexp (clientIP)

darcs-hash:20081012192728-19e2d-5219ad7bf461a758b62ee311598937ecd958916b.gz

FS#1024 new Event COMMON_WORDBLOCK_BLOCKED

This event allows action plugins to take action if a wordblock occurs.

Event data:
data[matches] - array of wordblock matches
data[userinfo] - det

FS#1024 new Event COMMON_WORDBLOCK_BLOCKED

This event allows action plugins to take action if a wordblock occurs.

Event data:
data[matches] - array of wordblock matches
data[userinfo] - detailed userinfo
[ip] - ip address
[user] - username (if logged in)
[name] - real name (if logged in)
[mail] - mail address (if logged in)

darcs-hash:20081012174849-23886-0ac42addc14ee3e36e961272de229a6002d052e9.gz

show more ...

Make license selectable from config FS#312

darcs-hash:20081012113150-7ad00-6408da058bdb6c923159d445e03b76f54b579362.gz

FS#1234: If useheading is enabled, purge the cache of backlinks upon save

darcs-hash:20081011164342-2b4f5-b2e26e17ce970927ddbc0c5b888815063d613b0e.gz

editor_info_patch

At present, DW shows the username on the bottom left under "logged in as", and the login name for "last modified", "locked by" and under
revisions/recent changes. In a corporate en

editor_info_patch

At present, DW shows the username on the bottom left under "logged in as", and the login name for "last modified", "locked by" and under
revisions/recent changes. In a corporate environment, particularly when integrated with a Single Sign-On system, the login name may be somewhat
unfriendly. This patch makes the "logged in as" the same as the value used elsewhere and also allows an admin to decide whether it should be the
login name, username or e-mail address that is displayed. The e-mail address may also, optionally, be a mailto: link. E-mail addresses are
obfuscated according to the 'mailguard' setting. The default behaviour is to show the login name which is no change from previous behaviour for the
"last modified"/"locked by"/revisions/"recent changes", but is a change for the "logged in as".

darcs-hash:20081001152914-6ad63-9cd7174068ac55de381f1318a4401f8c51de5b0c.gz

show more ...

mobile detection added

This patch adds detection of mobile browsers to DokuWiki. $INFO[ismobile]
will be set to true for mobile browsers. Template authos can use this to
adapt their template dynamic

mobile detection added

This patch adds detection of mobile browsers to DokuWiki. $INFO[ismobile]
will be set to true for mobile browsers. Template authos can use this to
adapt their template dynamically. CSS support will follow.

darcs-hash:20080823152454-7ad00-67e50139572a746d2b356bdbb2a53a3f21b53bcb.gz

show more ...

strip default parameters from media URLs

Default parameters like cacheÊche or empty width or heights are stripped
from media URLs now.

darcs-hash:20080817134207-7ad00-4b53c1f9b121fcbb3e0c5cc38e672f

strip default parameters from media URLs

Default parameters like cacheÊche or empty width or heights are stripped
from media URLs now.

darcs-hash:20080817134207-7ad00-4b53c1f9b121fcbb3e0c5cc38e672f1b20157956.gz

show more ...

display the (shortened) namespace for page quicksearch

When displaying pagename matches in the Ajax quick search or normal search,
the namespace of the page is shown behind the pagename. This makes

display the (shortened) namespace for page quicksearch

When displaying pagename matches in the Ajax quick search or normal search,
the namespace of the page is shown behind the pagename. This makes it easier
to distinguish the pages when the same namespace is used in different namespaces.

To avoid breaking the layout in deep nested namespace hierarchies, the namespace
is shortened in the middle when needed.

This patch also disables the effect of the useheadings option in the Ajax quick
search. After all the results should show what was found and since the search
works on pagenames not headings it should show pagenames as result.

darcs-hash:20080814194826-7ad00-9add9c1bbbb4f4ede3c6884d37427644b2cddc56.gz

show more ...

Explicite TypeCast for searchIndex

Running the /bin/indexer.php or the searchindex plugin fails in php5
with several type cast errors. This can be fixed using explicite type casts.

Secondly the inc

Explicite TypeCast for searchIndex

Running the /bin/indexer.php or the searchindex plugin fails in php5
with several type cast errors. This can be fixed using explicite type casts.

Secondly the include plugin requires the auth.php to be present. As some other
plugins might use quick-acl or the $auth too, indexer.php should require the auth.php
just as the lib/exe/indexer.php does.

darcs-hash:20080804112444-f4337-e12f25329236689b05e31f0db2119e47660a9404.gz

show more ...

Avoid double newlines on section edits FS#1221

darcs-hash:20080407175410-7ad00-4c782db8b3d806d8034140a2b3d7994f53b1e0fc.gz

work around strftime character limit on parsing namespace templates FS#1366

darcs-hash:20080406174718-7ad00-89b3946e17ce49566c0f51f3194776a0bdb4768d.gz

Notify subscribers to parent namespaces. And avoid redundant checks.

darcs-hash:20080405031301-6942e-d1e4f344f5cf165f625104f214f2bfae595a6e20.gz

fixed search engine referrer highlighting

darcs-hash:20080331175353-7ad00-85da7f10269ead76b0f081aa1668cc27840c3b2e.gz