Remove the htmlok and phpok embedding options

Both options have grave security implications and novice users seem to
ignore advice about them. In the last decades I never came across a wiki
that had

Remove the htmlok and phpok embedding options

Both options have grave security implications and novice users seem to
ignore advice about them. In the last decades I never came across a wiki
that had legitimate use of these options.

If someone needs the functionality, it can easily be added back using a
plugin. But I prefer to give users one less option to shoot themselves
in the foot.

Removal of the translations for the config strings can follow after this
has been merged.

show more ...

translation update

Minify sytnax

Update inc/toolbar.php

Minify syntax

Co-authored-by: Gerrit Uitslag <klapinklapin@gmail.com>

Fix toolbar in popup.php

The popup throws two warnings becasue $INFO is NULL within the popup itself.

This fixes this warning but not sure if it is intended to be null.
Fixes:
Warning: Trying t

Fix toolbar in popup.php

The popup throws two warnings becasue $INFO is NULL within the popup itself.

This fixes this warning but not sure if it is intended to be null.
Fixes:
Warning: Trying to access array offset on value of type null in D:\xampp\htdocs\dokuwiki\inc\toolbar.php on line 271
Warning: Trying to access array offset on value of type null in D:\xampp\htdocs\dokuwiki\inc\toolbar.php on line 272

show more ...

Shorten comment line to appease PHP Code Sniffer

Remove PHP version differentiation for MAILHEADER_EOL

remove obsolete define of MAILHEADER_EOL

But make sure that inc/mail.php where this is defined was included.

Handle change of line endings in mail() in PHP 8.0.14+

translation update

SECURITY fix difftype handling. #3761

Fix clientIP() returning the wrong address

Add Message-ID to all mails

RFC 5322 specifies that all mails SHOULD have a Message-ID field. While
originating SMTP servers MAY (as per RFC 5321) add a missing Message-ID,
this behavior is not mand

Add Message-ID to all mails

RFC 5322 specifies that all mails SHOULD have a Message-ID field. While
originating SMTP servers MAY (as per RFC 5321) add a missing Message-ID,
this behavior is not mandatory.
Multiple mail providers, e.g. Gmail, reject mails without a Message-ID
field, rendering their users unable to receive mails from a Dokuwiki
instance using a standard-conforming mail server.

This commit simply adds a random Message-ID to a mail's headers during
Mailer class initialization. With the current behavior of setHeader(),
overwriting that header happens without additional changes, should
another Message-ID be necessary, warranted or desired.

show more ...

translation update

use $INPUT to access authentication environment #3750

This should fix warnings about missing data.

introduce sexplode() as a PHP8 safe explode()

We often have constructs like

list($foo, $bar) = explode(',', $input, 2);

In PHP8+ this will throw warnings when the explode returns fewer than 2
elem

introduce sexplode() as a PHP8 safe explode()

We often have constructs like

list($foo, $bar) = explode(',', $input, 2);

In PHP8+ this will throw warnings when the explode returns fewer than 2
elements. Our code usually (always?) will anticipate missing elements so
the construct isn't really problematic.

The implementation here wraps the solution suggested at
https://stackoverflow.com/a/56971347 into a new utility function.

I anticipate that people might object to the function name. It was
chosen as a short form of "safe explode". This makes fixing the warning
easy by simply adding a single letter. I also find it slightly amusing
and would be open to change it to just sex() just for the fun of it.

show more ...

avoid warning for new subscribers

When a subscriber never received an email no last sent timestamp is set.
PHP8 threw a warning on a missing array key, there.

fix warning when no headline id is provided in section editor

When plugins implement their own section editor, usually no hid parameter
will be set, triggering a warning in PHP 8.

fixes #114

fix codestyle

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audi

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audio
CAPTCHA in the official CAPTCHA plugin stopped matching its corresponding
image. Details here:

https://github.com/splitbrain/dokuwiki-plugin-captcha/issues/115#issuecomment-1215007408

show more ...

replace deprecated method calls

another go at #3717

c0ece86a0ac0cfab0856b056fb3ce8e726855542 was wrong too, because most
deprecation logs drop the callee

output log messages to STDERR during unit testig

This is especially helpful to notice deprecation messages

Another fix for #3717

The deprecation mechanism did actually log the wrong file (callee
instead of caller). This was fixed and the message adjusted again.

A guardian for very short backtraces and l

Another fix for #3717

The deprecation mechanism did actually log the wrong file (callee
instead of caller). This was fixed and the message adjusted again.

A guardian for very short backtraces and large offsets was added

show more ...

log deprecation messages independent from allowdebug

Only the logging configuration should influnece if deprecation messages
are to be logged. By default they should be logged.