Typo in the word associative

Replace strftime with Intl ICU. Fixes #3573

This uses a class that maps strftime placeholders to the appropriate ICU
patterns. I am using the fallback-intl branch here which provides an
English-only

Replace strftime with Intl ICU. Fixes #3573

This uses a class that maps strftime placeholders to the appropriate ICU
patterns. I am using the fallback-intl branch here which provides an
English-only fallback when the intl extension is not available.

Core has only two places where strftime is used: dformat() and the
SimplePie feed parser. Both are adjusted with this patch. For the latter
a custom Item class had to be registered. For better separation all our
FeedParser classes have been moved to the Feed namespace where our
FeedCreator classes already reside.

Note that this will currently be a degration for users without intl as
it will fall back to date and not to the still available strftime.

show more ...

Revert "use a dispatcher to access static image files"

This reverts commit 944e9ba7254387adb60f253b0d8796f2276096b1.

It was accidentally pused to master before review. A PR with a revert
for the re

Revert "use a dispatcher to access static image files"

This reverts commit 944e9ba7254387adb60f253b0d8796f2276096b1.

It was accidentally pused to master before review. A PR with a revert
for the revert will be pushed shortly.

show more ...

use a dispatcher to access static image files

This makes it possible to replace default images in an update safe way.
It also addresses the issue raised in dokuwiki/docker#16

A .htaccess rewrite ca

use a dispatcher to access static image files

This makes it possible to replace default images in an update safe way.
It also addresses the issue raised in dokuwiki/docker#16

A .htaccess rewrite catches any direct accesses that might come in from
plugins.

show more ...

Use str_starts_with/str_ends_with

minor cleanup in the renderers

apply code sniffer rules to inc/parser as well

recover comments in list

Apply rector fixes to inc/parser

fix XSS in RSS syntax

The title was not correctly escaped when written to the doc in xhtml
renderer.

SimplePie does no content escaping on its own (a comment in the code
seems to suggest that that

fix XSS in RSS syntax

The title was not correctly escaped when written to the doc in xhtml
renderer.

SimplePie does no content escaping on its own (a comment in the code
seems to suggest that that was assumed). Instead the content is passed
on as-is from the feed.

This patch also applies some more escaping on the description output
(though it should have been relatively safe thanks to the use of
striptags).

This was discovered by @ry0tak and reported in
https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/

show more ...

Merge branch 'pr/3908'

* pr/3908:
JPEGMeta: clean up exception handling
Fix: Do not garbage collect the JpegMeta object after reading a tag
Replace check for null with cast to string
Fix: Re

Merge branch 'pr/3908'

* pr/3908:
JPEGMeta: clean up exception handling
Fix: Do not garbage collect the JpegMeta object after reading a tag
Replace check for null with cast to string
Fix: Rework error handling in JpegMeta marker reading
Replace is_null() check with count()
Fix: Padding in _getFixedString, log the path of damaged images
Fix: PHP8-related JpegMeta.php fixes
Backwards Compatibility: Don't error if finishSectionEdit is called without first startSectionEdit
Fix: 'E_WARNING: Uninitialized string offset -1' on some templates
Fix: 'E_WARNING: Undefined array key "_data"'

show more ...

clean up parserutils (reformatting mostly)

Replace is_null() check with count()

Backwards Compatibility: Don't error if finishSectionEdit is called without first startSectionEdit

Merge pull request #3798 from splitbrain/nofootshoot

Remove the htmlok and phpok embedding options

Update core code to make use of sexplode()

This makes use of our own explode mechanism everywhere were we expect a
fixed number of results.

Remove the htmlok and phpok embedding options

Both options have grave security implications and novice users seem to
ignore advice about them. In the last decades I never came across a wiki
that had

Remove the htmlok and phpok embedding options

Both options have grave security implications and novice users seem to
ignore advice about them. In the last decades I never came across a wiki
that had legitimate use of these options.

If someone needs the functionality, it can easily be added back using a
plugin. But I prefer to give users one less option to shoot themselves
in the foot.

Removal of the translations for the config strings can follow after this
has been merged.

show more ...

Accept returnonly parameter to header()

Merge pull request #3574 from splitbrain/php81

Some PHP 8.1 compatibility fixes

move resolvers into File namespace

Merge branch 'master' into refactorResolving

* master: (142 commits)
authPDO: extend mysql test to ensure multiple groups are read
update DokuWiki install URL
update smtp plugin URL
update f

Merge branch 'master' into refactorResolving

* master: (142 commits)
authPDO: extend mysql test to ensure multiple groups are read
update DokuWiki install URL
update smtp plugin URL
update flashplayer URL
Revert "Merge pull request #3039 from takuy/video-attributes"
Revert "fixed video attribute handling in php8"
Revert "more php8 fixes for the video attributes"
guard against unsert user name. fixes #3455
remove remaining X-UA-Compatible headers. fixes #3434
more php8 fixes for the video attributes
fixed video attribute handling in php8
fix test for draft file
fix security problems in draft handling. fixes #3565
fix handling of loading auth backend
check CSRF token in draftdel action. fixes #3563
ignore another PSR12 style check for now
authplain: properly clean user names
Removes use of deprecated create_function() in teests. Replaces them with anonymous functions. Refs #3545
check security token on logout. fixes #3561
create SECURITY.md fixes #3558
...

show more ...

guard against unset parameters

Many string function will throw a deprecation warning in PHP 8.1 when
null is passed. This adds a few guards in some of our methods (not all,
yet)

always use the same htmlspecialchars setup

defaults for htmlspecialchars change in PHP 8.1

All calls should always use our hsc() method to ensure comparability
(especially when testing)

coding style of functions using ChangeLog

Merge branch 'master' into refactorResolving

* master: (257 commits)
add unit test for namespace exclusion in ft_pageLookup()
exclude ns in pagelook ups
translation update
Obsolete attribute

Merge branch 'master' into refactorResolving

* master: (257 commits)
add unit test for namespace exclusion in ft_pageLookup()
exclude ns in pagelook ups
translation update
Obsolete attribute
translation update
translation update
translation update
translation update
translation update
Add missing `;` causing syntax error in js.php
Run tests on PHP 8.0 now
translation update
translation update
test: run test in separate process in case of error
test: fix two tests on PHP8
style: fix test code style
fix method handling for RPC_CALL_ADD
destroy the JPEGMeta object after use
upgrade simplepie to 1.5.6
dwpage: output meta data as JSON
...

show more ...