| 95f42e65 | 02-Apr-2016 |
Adrian Vesa <adrianvesa@dotwikis.com> |
translation update |
| 98ca30d2 | 31-Mar-2016 |
Andreas Gohr <andi@splitbrain.org> |
avoid HTTP Response Splitting attacks via redirects #1513
The header() method of PHP is vulnerable to HTTP Response Splitting attacks.
This change makes sure the URL passed to send_redirect (and thus to header()) does not contain any control characters that would be needed to execute such an attack.
Cleaning input is recommended anyway.
|
| c58f49ca | 24-Mar-2016 |
Viliam Dias <viliamjr@gmail.com> |
translation update |
| c83f69ba | 21-Mar-2016 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
remove unnecessary fullpath() |
| cc6e07d8 | 20-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
strlen does already calculate the right length |
| 317a04c4 | 19-Mar-2016 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
remove fullpath() call
fullpath processing here seems unnecessary, wikiFN($ID) returns a valid filepath for the page text file. |
| f6a5c864 | 19-Mar-2016 |
Myeongjin <aranet100@gmail.com> |
translation update |
| 42a2fb23 | 19-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
Not needed due to use of more general functions |
| 3c48b1d0 | 19-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
wrong entry of revinfo used in detectExternalEdit |
| 8c7319be | 19-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
rename variables in detectExternalEdit |
| 4b5aebc1 | 18-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
filesize zero cases, compressed revisions
- handle all cases where not an old file exist, or when that old file is zero size.
- When using old revision normally these files are compressed, use uncompressed size.
|
| f549be3d | 18-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
io_getSizeFile returns uncompressed size of given file
A bz2-file doesn't contain information about the size of its uncompressed content. Therefore it requires reading the whole file to obtain the filesize.
|
| 655ddc1d | 15-Mar-2016 |
Gerrit Uitslag <klapinklapin@gmail.com> |
little reformat of saveWikiText |
| c276e9e8 | 15-Mar-2016 |
Marcel Pennewiss <github@pennewiss.de> |
Invalidate user session cache after profile data was changed |
| 924cc11c | 11-Mar-2016 |
Andreas Gohr <andi@splitbrain.org> |
add support for new Django hashing methods
New Python Django applications default to PBKDF2 with SHA256 as a password mechanism. This adds support for that mechanism in our password hasher class. This will be needed in the tests for the new PDO auth plugin.
|
| dab290ef | 11-Mar-2016 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
use a strict comparison === instead |
| 82f5f399 | 11-Mar-2016 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
use getNS() call instead of dirname() |
| 63cf4192 | 04-Mar-2016 |
sarehag <joakim.sarehag@gmail.com> |
#1477:Search heading still displayed although search disabled |
| 67234204 | 19-Feb-2016 |
Andreas Gohr <andi@splitbrain.org> |
removed isset() from blank() function
As discussed in #1471, an uninitialized variable will always be implicitly created when passed to the blank() function. Calling isset() is thus a no-op. A warning about this behavior has been added to the function comment.
|
| b24d9195 | 18-Feb-2016 |
Andreas Gohr <gohr@cosmocode.de> |
refactor page saving and introduce COMMON_WIKIPAGE_SAVE
This makes the saveWikiText() function a little easier to read and moves external edit handling to its own function. Behavior stays the same (tests are unchanged).
In addition a new event COMMON_WIKIPAGE_SAVE is introduced that makes intercepting and acting on page saves much easier than possible before.
Developers can:
* prevent saves by either preventing the default action or overwriting the contentChanged field in a BEFORE hook
* enforce saves even when no content changed by overwriting the contentChanged field in a BEFORE hook
* Adjust the saved content by modifying the newContent field in a BEFORE hook
* Adjust the stored change log information (summary, type, extras) in an AFTER hook
* Easily know if a page was deleted, created or edited by inspecting the changeType field
* whatever they want before or after a wiki page is saved
|
| 014eefaa | 14-Feb-2016 |
Masoud Sadrnezhaad <masoud@sadrnezhaad.ir> |
translation update |
| e70ecfc9 | 11-Feb-2016 |
Romano <romanocl@outlook.com> |
translation update |
| a38bc7e6 | 03-Feb-2016 |
Masoud Sadrnezhaad <masoud@sadrnezhaad.ir> |
translation update |
| e0b6aade | 29-Jan-2016 |
Andreas Gohr <andi@splitbrain.org> |
do not accept empty or root $base in search. fixes #1452
You really never want to search the whole filesystem, so something must have gone wrong. Better abort than go on. |
| 9c65e2a9 | 22-Jan-2016 |
Andreas Gohr <andi@splitbrain.org> |
fixed wrongly closed section edit button
The opening tag of the button was self closing, creating invalid HTML.
See https://forum.dokuwiki.org/thread/13346 for initial report |