| #
ada0d779 |
| 15-Apr-2018 |
Michael Hamann <michael@content-space.de> |
Prevent HTML and JS injection in section names
Before this change, HTML and some JS code (as far as it was not escaped by json_encode) could be injected into the output as the closing pattern that is checked by the regex is not escaped in JSON (see test case).
|
| #
ac025fdf |
| 14-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
fallback for new section editing. fixes #2311
The displayed message now shows the target that was passed, which should help identifying the troubling plugin.
Instead of failing, we fix the data ourselves - this code will be removed in the future.
|
| #
a31af593 |
| 13-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'private_testing' into geshi_features
* private_testing: (375 commits) make testing of inaccessible methods easier updated composer dependencies renamed ActionRouter::checkPermissions to checkPreconditions shortened new search configs Section edit: corrected pattern 'SEC_EDIT_PATTERN' fix regex character class. fixes #2301 fix: switch extensions if stylesheet in style.ini doesn't exist refactor: rename and move function to set $JSINFO typo. capital P for class name fix: add missing global $ACT for $JSINFO refactor: use native json_encode for $JSINFO refactor: rename JSINFO.DOKU_UHN and JSINFO.DOKU_UHC refactor: extract $JSINFO initialization into tpl_ function refactor: rename dta and dtb parameters doc(search): parameter must be string or false doc(search): highlight is expected to be an array show advanced tools with JavaScript only adjusted language files to remove outdated string removed sub header from all languages added aria attributes ...
|
| #
ec57f119 |
| 04-Jan-2018 |
LarsDW223 <lars_paulsen@web.de> |
Refactored section edit
The data for the section edit button is now passed as an associative array which is encoded in the '#<!-- EDIT(.*) -->#' placeholder as a JSON array.
|
| #
345058f7 |
| 03-Jan-2018 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #2077 from schplurtz/vtt-tracks
Support Web Video Text Tracks Format subtitles
|
| #
912a6d48 |
| 21-Dec-2017 |
Phy <git@phy25.com> |
fix inconsistent use of rawurlencode
|
| #
15d771f7 |
| 20-Dec-2017 |
Phy <git@phy25.com> |
fix xhtml:internallink $params usage, fixes #2188 not perfect, but it works
|
| #
23c61bbe |
| 15-Dec-2017 |
Schplurtz le Déboulonné <Schplurtz@laposte.net> |
protect strings that depend on uploaded file name
|
| #
06917fce |
| 05-Sep-2017 |
Michael Große <grosse@cosmocode.de> |
fix: fix regex to return table secedit buttons
Since the hid is optional, it must also be optional in the regex. Also this commit introduced named capture groups to make it more obvious which part of the regex captures what.
Also there is now an explicit hid generated for tables, to enable jumping to the correct section after finishing editing.
This was broken in 2571786c763e04c7abbf27c2245a5720878dc3f1 or #1966 respectively.
Known Issues: * since both title and hid are optional, a hid may be misinterpreted as a title if the title is not generated.
|
| #
01299338 |
| 28-Aug-2017 |
Schplurtz le Déboulonné <Schplurtz@laposte.net> |
use only language code, no language name
|
| #
20dc95cd |
| 27-Aug-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #1933 from splitbrain/actionrefactor
Action Dispatch Refactoring
|
| #
594b1626 |
| 23-Aug-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #2089 from phy25/fix-2080
Fix rendering null $language going to GeSHi (fixes #2088)
|
| #
a056e285 |
| 23-Aug-2017 |
Phy <git@phy25.com> |
Fix rendering null $language going to GeSHi (fixes #2088)
|
| #
f883db11 |
| 22-Aug-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #2086 from phy25/fix-2081 CVE-2017-12980
Fix RSS syntax XSS bug (#2081)
|
| #
163c2842 |
| 20-Aug-2017 |
Phy <git@phy25.com> |
Fix RSS syntax XSS bug (#2081)
|
| #
56bd9509 |
| 17-Aug-2017 |
Phy <git@phy25.com> |
Fix sanitation of $language for code highlighting (fixes #2080)
|
| #
0877a1f1 |
| 15-Aug-2017 |
Schplurtz le Déboulonné <Schplurtz@laposte.net> |
Support Web Video Text Tracks Format subtitles
|
| #
7c6a857a |
| 15-Aug-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge branch 'master' into actionrefactor
* master: (65 commits) updated composer dependencies Release preparation translation update do not disclose email or IP addresses of users through RSS small fix Make default encapsulation more readable and less duplicate. Replace htmlspecialchars to hsc in core Add the preview-bool for the cache file. Add htmlspecialchars when showing $DATE_AT #2021 broken links to W3C validators also dokuwiki and php are on https made bin/wantedpage.php more flexible doc abbreviation Fix PHP Notices: Reduce error log noise Create valid empty options translation update doc fix translation update using $options->getCmd to retrieve show-pages parameter added option to wantedpages.php to show or not show pages where broken links occur show pages where broken links occur: page_id => broken_link ...
|
| #
8f34cf3d |
| 26-Jul-2017 |
Michael Große <grosse@cosmocode.de> |
Fix PHP Notices: Reduce error log noise
While DokuWiki suppresses PHP Notices they are still a code smell and should be fixed. This fixes some PHP Notices that occurred.
Some of these fixes could be refactored into nicer code once we move to PHP 7 and get access to the `??` operator.
|
| #
e2d88156 |
| 23-May-2017 |
LarsDW223 <lars_paulsen@web.de> |
Added support for additional geshi options using an extendable options array.
|
| #
2571786c |
| 18-May-2017 |
LarsDW223 <lars_paulsen@web.de> |
always redirect to correct section
Across workflow 'show - sectionedit - save/cancel' explicitly transmit header id to the server. So the server can always redirect to the correct section even if headings have the same name. Fixes #1364.
|
| #
35284e8c |
| 03-Feb-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #1771 from splitbrain/blanktitles
fix problems with header that look falsy. fixes #1770
|
| #
9d2d084e |
| 30-Jan-2017 |
Andreas Gohr <andi@splitbrain.org> |
Merge pull request #1548 from splitbrain/fix-broken-js-in-xhtml
Fix broken JS in xhtml
|
| #
44f5d1c1 |
| 24-Jan-2017 |
Andreas Gohr <gohr@cosmocode.de> |
misspelled foot
|
| #
d2a99739 |
| 24-Jan-2017 |
Andreas Gohr <gohr@cosmocode.de> |
added table footer support to renderer
This allows plugins to easily render a <tfoot> element in a table, even though it's not used in standard table syntax it makes sense to have it available.
|