Fixed XML-RPC getAttachment method.
Without creating an IXR_Base64 object, the file will be encoded as base64, but send as string. The client XML-RPC parser cannot detect that it is meant to be a ba

Fixed XML-RPC getAttachment method.
Without creating an IXR_Base64 object, the file will be encoded as base64, but send as string. The client XML-RPC parser cannot detect that it is meant to be a base64 encoded file.

show more ...

Fix double-decoding in XMLRPC putAttachment

Fix XML-RPC login method FS#2324

The login wasn't able to modify the session as it was already closed
earlier.

This patch also executes the correct event when logins via XMLRPC are
done.

Only send 401 if user is not logged in in XML-RPC FS#2133

If the user is already logged in, a 403 is sent instead now.

Send a 401 Unauthorized header in XML-RPC when access is denied

This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sendin

Send a 401 Unauthorized header in XML-RPC when access is denied

This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.

show more ...

make use of auth_isMember() in XMLRPC authentication check FS#2287

Merge branch 'master' into indexer_rewrite

Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php

Use common media_save in media_upload and putAttachment

Changes:
* XML-RPC now correctly allows leading and trailing _
* Error messages from XML-RPC are correct
* MEDIA_UPLOAD_FINISH has a six

Use common media_save in media_upload and putAttachment

Changes:
* XML-RPC now correctly allows leading and trailing _
* Error messages from XML-RPC are correct
* MEDIA_UPLOAD_FINISH has a sixth param specifying the move function
* Not having upload rights when using media_upload throws a msg

show more ...

XML-RPC deleteAttachment now uses media_delete

Functionality changes:
* deleteAttachment now triggers MEDIA_DELETE_FILE (closes FS#1568)
* deletion success msg in mediamanager is correct, even w

XML-RPC deleteAttachment now uses media_delete

Functionality changes:
* deleteAttachment now triggers MEDIA_DELETE_FILE (closes FS#1568)
* deletion success msg in mediamanager is correct, even when the ns dir
was deleted
* media_delete changed quite a bit

show more ...

Merge branch 'master' into indexer_improvements

Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php

Fix several security issues in the XML-RPC interface

For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which me

Fix several security issues in the XML-RPC interface

For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which means that many acl rules that should be applied weren't applied.
So e.g. when you have read permissions for the root namespace but not
for a subnamespace you could add a leading ":" and the permissions for
the root namespace will be used instead of the permissions for the
subnamespace. This did not apply to writing pages and reading media
files, but writing and deleting media files have been concerned as well
as reading both plain and html versions of pages.

This only concerns installations where XML-RPC is enabled (default is
disabled) and XML-RPC is allowed for all or untrusted users.

show more ...

Indexer v3 Rewrite part two, update uses of indexer

Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3

As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is o

Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3

As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.

show more ...

Use a different indexer version when external tokenizer is enabled

Added XMLRPC dokuwiki:appendPage

Add title index to the indexer files, improve indexer calls

added cleanID to xmlrpc call wiki.getBackLinks

Adding getTitle to the XML-RPC API

Fix #1943: full text search XML-RPC call should return the $pages instead of $data

Use md5sum of id and client ip as temporary filename in XML-RPC

Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XM

Use md5sum of id and client ip as temporary filename in XML-RPC

Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.

show more ...

Merge branch 'requireall'

Conflicts:
inc/fulltext.php

Move & rename HTML_PAGE_FROMTEMPLATE to common.php

The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.

added dokuwiki.search XMLRPC call FS#1882

removed require's in lib/exe/*

do not trim XMLRPC values FS#1824

Ignore-this: f43d3f070cfae4040e0e70648d0e541a
The XMLRPC backend will not trim whitespaces or newlines from string values
anymore.

darcs-hash:20091219151652-7ad00-

do not trim XMLRPC values FS#1824

Ignore-this: f43d3f070cfae4040e0e70648d0e541a
The XMLRPC backend will not trim whitespaces or newlines from string values
anymore.

darcs-hash:20091219151652-7ad00-94d6cb26ff6396e09f107cf09dccb5423680c5c9.gz

show more ...