Use the server port in DOKU_COOKIE when securecookie is defined FS#1664

Ignore-this: de9ef30fc53fbfc1caa74b55f97290a5

This should avoid problems on portbased virtual hosts.
This patch might log you

Use the server port in DOKU_COOKIE when securecookie is defined FS#1664

Ignore-this: de9ef30fc53fbfc1caa74b55f97290a5

This should avoid problems on portbased virtual hosts.
This patch might log you out ;-)

darcs-hash:20090801222159-7ad00-808a91dd29af758ef10d7942888c2c22d8b8b888.gz

show more ...

SECURITY: fix local file inclusion with register globals

Ignore-this: ce01faedc6c3d9370362b0e1e39ded36

This fixes a security hole when register_globals is enabled. An exploit is
in the wild: http:/

SECURITY: fix local file inclusion with register globals

Ignore-this: ce01faedc6c3d9370362b0e1e39ded36

This fixes a security hole when register_globals is enabled. An exploit is
in the wild: http://www.milw0rm.com/exploits/8781

darcs-hash:20090526145030-7ad00-c0483e021f47898c8597f3bfbdd26c637f891d86.gz

show more ...

fixed fullpath() for certain Windows setups

Ignore-this: 7059284786889a3ead12f5a4b3873bdf

darcs-hash:20090205170449-7ad00-63f9459819a355abc7a154e07b487d8431097614.gz

fixed multiple gzip/sendfile problems in css and js dispatchers FS#1571

- Avoid double compression when gzip_output is enabled
- Only compress when gzip_output is enabled
- Do not use x-sendfile for

fixed multiple gzip/sendfile problems in css and js dispatchers FS#1571

- Avoid double compression when gzip_output is enabled
- Only compress when gzip_output is enabled
- Do not use x-sendfile for compressed content (content-encoding is not supported)
- Make sure the script terminates after using x-sendfile
- Moved gzip browser support check to init.php

darcs-hash:20090122215010-7ad00-765765d353ff78df5b8704086328c5c699bbe7e0.gz

show more ...

further updates to config_cascade patch

- add mediameta and license config files into the cascade
- update the cache validity code in cache.php, css.php & js.php to use config_cascade
- redo inclusi

further updates to config_cascade patch

- add mediameta and license config files into the cascade
- update the cache validity code in cache.php, css.php & js.php to use config_cascade
- redo inclusion of main config files to avoid suppression of errors in config files
- add getConfigFiles($type) function
- minor updates elsewhere to use config_cascade rather than hardcoded config file names

darcs-hash:20090122114457-f07c6-98ad5627fd5df93edf8dd03289b9cf6d81962afe.gz

show more ...

add error suppression to iswin check to avoid notices when DOKU_UNITTEST_ASSUME_WINDOWS isn't set

darcs-hash:20090122081649-f07c6-e7744b1496e1a05ab089812fd7ca3716ecec2290.gz

include preload.php without error suppression (but after existence check)

darcs-hash:20090122080426-f07c6-c2e4cb107f9d07f333a9fe295f5df5bd9d3fb15f.gz

Update for config cascade patch, fixes a couple of issues

darcs-hash:20090119050218-f07c6-8cb3615ee51fe81ef90b1e54675c359d84a2e57c.gz

Rework configuration loading to use a predefined file list or cascade

This change add the global $config_cascade which holds the list of files to be
read for each configuration setting group. Dokuw

Rework configuration loading to use a predefined file list or cascade

This change add the global $config_cascade which holds the list of files to be
read for each configuration setting group. Dokuwiki adds in its configuration
file values after preload.php, giving preload.php to set its own configuration
cascade.

One side effect of the change is "local.protected.php" is part of the default
cascade, removing the need for it to be included at the bottom of local.php.

darcs-hash:20090118181204-f07c6-fea1c406da1bbdb0a52ab40914f11b835e797728.gz

show more ...

Media changelog added

There is a new media changelog now, with the flag RECENTS_MEDIA_CHANGES media changes can be requested from the getRecents()-function or the new getRecentsSince()-function, tha

Media changelog added

There is a new media changelog now, with the flag RECENTS_MEDIA_CHANGES media changes can be requested from the getRecents()-function or the new getRecentsSince()-function, that returns all changes since a given timestamp and optionally before a given timestamp. The media upload and the XML-RPC-server have been changed to use these functions.

Additionally, the event MEDIA_UPLOAD_FINISH has been extended, it has a new $data-attribute (the 5th), that contains a boolean if the file does already exist and will be overwritten.

darcs-hash:20090118154345-074e0-5d9a90d269e86d8c6a156ecce5cf63115c827433.gz

show more ...

moved no purg on referer code to the correct position

darcs-hash:20081212225011-7ad00-dbd829b7c617cc519735525522c3155df506cb2b.gz

don't check for file existance in fullpath() by default

In most (all) calls to fullpath() the existance of the resulting path is not
important or is checked externally, so checking inside fullpath()

don't check for file existance in fullpath() by default

In most (all) calls to fullpath() the existance of the resulting path is not
important or is checked externally, so checking inside fullpath() is a waste
of CPU cycles.

darcs-hash:20081213083355-7ad00-4987a85950a13e5d3c527b3b17b1092e0fa1c567.gz

show more ...

ignore purge command when HTTP referer is set

darcs-hash:20081212222614-7ad00-0b69e3b788b8ee3423cbbd9fb32868234ca679ca.gz

Make license selectable from config FS#312

darcs-hash:20081012113150-7ad00-6408da058bdb6c923159d445e03b76f54b579362.gz

keep undisplayed messages over redirects

When act_redirect is executed (post data was received and mode show is called)
all undisplayed messages (from calls to msg()) are saved in the session now.
T

keep undisplayed messages over redirects

When act_redirect is executed (post data was received and mode show is called)
all undisplayed messages (from calls to msg()) are saved in the session now.
These messages are then revived in inc/init.php. This makes sure no errors
that occured before the redirect are lost.

darcs-hash:20080929203831-7ad00-d0869fd3093f57c1ea64ccbaf05d7fd98f68c5e1.gz

show more ...

rewrote the fullpath function FS#1462

The fullpath function now correctly handles windows drive letter paths and UNC
paths making sure that those are not destroyed with upper dir .. notation.

Unit

rewrote the fullpath function FS#1462

The fullpath function now correctly handles windows drive letter paths and UNC
paths making sure that those are not destroyed with upper dir .. notation.

Unit tests where added.

darcs-hash:20080914134744-7ad00-9abf5931d910a0b12979b1f69b090e8ecd568c71.gz

show more ...

more cookie security FS#1490

This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.

It also adds a new config option 'securecoo

more cookie security FS#1490

This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.

It also adds a new config option 'securecookie' which is enabled by default.
It makes sure the browser will not sent a cookie set via HTTPS over a
non-secured connection. This option has to be disabled for wikis that only
protect the login with SSL but not the whole wiki.

darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz

show more ...

avoid warning on file_exists FS#1428

darcs-hash:20080912212311-7ad00-26249ceb7fb08a442888942072ef2dd8279ab3d2.gz

avoid deprected warnings in php5.3 FS#1464

darcs-hash:20080824085653-7ad00-44925f90b286493b9b55d1ace59136a676786faf.gz

support for an option inc/preload.php file

This patch readds the possibilities previously gained by the DOKUWIKI_INIT event
by adding support for including a file named inc/preload.php. When availab

support for an option inc/preload.php file

This patch readds the possibilities previously gained by the DOKUWIKI_INIT event
by adding support for including a file named inc/preload.php. When available, it
will be included before any defines for dokuwiki are set.

darcs-hash:20080627222629-7ad00-a663ded7ac08369f011e1f63e1c60fa81ec05b51.gz

show more ...

DOKUWIKI_INIT patch rollback

darcs-hash:20080627214831-7ad00-d6eee0ddd406c972455871da75d04c5f5fc8a307.gz

added DOKUWIKI_INIT event

This patch adds a new event DOKUWIKI_INIT to the event system. The event is
triggered in inc/init.php right after DOKU_INC has been defined and allows
action plugins to

added DOKUWIKI_INIT event

This patch adds a new event DOKUWIKI_INIT to the event system. The event is
triggered in inc/init.php right after DOKU_INC has been defined and allows
action plugins to interfere with DokuWiki s init process.

darcs-hash:20080622144154-23886-5153094bd78c2cea7f97e24c7b41cac6c641f49f.gz

show more ...

fix for UNC paths

This patch fixes use of UNC path in $conf['savedir'] and calling of /bin/ scripts.

darcs-hash:20080412124628-51399-9f85214fa4d787d5ad3a3b3c1ca655a29efc07e4.gz

Update GetBaseURL() to avoid multiple consecutive slashes in absolute return values (incl. test cases)

darcs-hash:20080418101946-f07c6-615691fab5d4b5714134634b38567ca8422a0aa0.gz

try to increase the PCRE backtrack limit

This should avoid problems with larger pages on newer PHP versions.
See http://www.freelists.org/archives/dokuwiki/04-2008/msg00049.html

darcs-hash:20080409

try to increase the PCRE backtrack limit

This should avoid problems with larger pages on newer PHP versions.
See http://www.freelists.org/archives/dokuwiki/04-2008/msg00049.html

darcs-hash:20080409181615-7ad00-de4f7a0602692b28e048d215c2e2b9657f96b81c.gz

show more ...