getUserData should really be implemented always... (FS#1272)

... but with this patch DokuWiki will not break completely when left out for
trustExternal() auth backends

darcs-hash:20071203201532-7ad

getUserData should really be implemented always... (FS#1272)

... but with this patch DokuWiki will not break completely when left out for
trustExternal() auth backends

darcs-hash:20071203201532-7ad00-72dbc2d16e4c8c09cca9558286164f4d858c19ce.gz

show more ...

ACL Manager rewritten

This patch replaces the old ACL manager plugin with a new, completely
rewritten one.

The ACL manager is now independent of the page from which it was called,
instead all pages

ACL Manager rewritten

This patch replaces the old ACL manager plugin with a new, completely
rewritten one.

The ACL manager is now independent of the page from which it was called,
instead all pages and namespaces are selectable from an AJAX enhanced
list similar to the one used in the media manager. This should take care
of a major complain by new users.

Another major confusion was that the old manager only showed relevant
rules. This new manager always shows *all* defined ACL rules.

darcs-hash:20071117155740-7ad00-1de71e396d5dbc117bf5788fb5667af828d5c20f.gz

show more ...

Small fix for CSRF check in config and ACL plugins

darcs-hash:20070908142300-7ad00-ecb0aa5d77f6451b33988e6008e0297bd4425948.gz

CSRF prevention for admin plugins

This patch adds a session based token to all form in the default action plugins.
The validity of the token is checked before any administrative function is
executed

CSRF prevention for admin plugins

This patch adds a session based token to all form in the default action plugins.
The validity of the token is checked before any administrative function is
executed aiming to protect DokuWiki's admin functions from Cross-site request
forgery (CSRF) attacks.

Another patch will follow to add the same functionality on other, less critical
functions.

More details on CSRF attacks can be found at
http://en.wikipedia.org/wiki/Cross-site_request_forgery

darcs-hash:20070829201538-7ad00-d0770224a3351fd8e38968e3a9d8e73520482445.gz

show more ...

Bug#680

Update default plugins to ensure they exit immediately
if not called from within Dokuwiki

darcs-hash:20060409233841-9b6ab-555e4fced756849a5d7b9de6e4aaaea24c6da3ae.gz

making basic, acl and usermanager styles more independent from templates

darcs-hash:20060308211121-d5083-5301446cdca891cdbcd46e2667ecbf2dcd6af414.gz

last strictness for plugins

darcs-hash:20060303173305-d5083-c45233160558f3f016d258a11f81482caaf06c05.gz

Allow non-ID names in ACLs

Some auth backends allow special chars like whitespaces in user and group
names. This made problems with the existing ACL checks and ACL manager.
This patch makes the ACL

Allow non-ID names in ACLs

Some auth backends allow special chars like whitespaces in user and group
names. This made problems with the existing ACL checks and ACL manager.
This patch makes the ACL system work with these cases by (url)encoding all
special chars below 128.

darcs-hash:20060302101850-6e07b-14bda9dbdb3528904325419b35bb9eddb0d1dde3.gz

show more ...

moved translations for ACL manager

darcs-hash:20060127141826-7ad00-c1689c7db5c4831fbbfca4a4c6c5f27c64546951.gz

closed <td> in acl plugin

darcs-hash:20060126225603-d5083-eade1a84225396378bcf52ebce70c5dc74f8ee04.gz

admin plugin i/face + acl plugin

darcs-hash:20050824224718-50fdc-6d27ff70e60e6fe547aff6c2b305507c4ab3f669.gz