History log of /dokuwiki/lib/plugins/authplain/_test/escaping.test.php (Results 1 – 14 of 14)
Revision Date Author Comments
# b346670e 09-Jan-2024 Andreas Gohr <andi@splitbrain.org>

correctly escape comments in user names. fixes #4099


# 93497020 13-Feb-2023 Andreas Gohr <andi@splitbrain.org>

AuthPlain user parsing fix. #3833

This removes workarounds we had for old PCRE versions. All modern PHP
releases should be workable with the Regex we have.

If splitting the user line results in less than 5 results, we log an
error and pad the result for further use.


# 5f18fdf3 14-Dec-2021 Andreas Gohr <andi@splitbrain.org>

authplain: properly clean user names

The authplain module uses cleanID to clean usernames to make them valid
pagenames. However namespaces should not be used in usernames.

For that cleanUser and cleanGroup replaced columns in given names. But
depending on the wiki configuration useslash, semicolons and slashes may
also be used as namespace separators. cleanID would replace those with
colons, reintroducing colons into the names.

The problem was reported in a forum post where spammers tried to
register http addresses as user names:

https://forum.dokuwiki.org/d/19796-spammers-with-in-their-name

Users with colons were correctly saved (the colon is escaped in the user
file) but could probably not login (unless using a slash or semicolon
instead of the colon). Since usernames are cleaned in many places in
DokuWiki, such a logged in user was probably not recognized correctly.

Because of the proper colon escaping when saving the user file, I don't
see any security issue arising from this. Eg. it was not possible to
trip up the user loading mechanism.

Note: Previously created users containing colons can not be deleted via
the user manager, because displayed usernames are cleaned again, which
will remove the colons.


# 1c33cec3 04-Feb-2021 Andreas Gohr <andi@splitbrain.org>

add needed type hints for phpunit8

This will break a lot of plugin tests, but can't be avoided


# fdf613b0 11-May-2018 Andreas Gohr <andi@splitbrain.org>

fixed auth plain test


# 5aa905e9 11-May-2018 Andreas Gohr <andi@splitbrain.org>

PSR-2 for authplain plugin


# 55d675c9 11-May-2016 Gerrit Uitslag <klapinklapin@gmail.com>

add phpdocs


# f8095446 01-Apr-2015 Christopher Smith <chris@jalakai.co.uk>

add more plugin groups to authplain test


# 276820f7 10-Jan-2015 Scrutinizer Auto-Fixer <auto-fixer@scrutinizer-ci.com>

Scrutinizer Auto-Fixes

This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com


# 8702de7f 09-Dec-2014 Gerrit Uitslag <klapinklapin@gmail.com>

Merge remote-tracking branch 'origin/master' into scrutinizerissues

Conflicts:
inc/media.php
inc/plugin.php
inc/template.php
lib/plugins/authplain/_test/escaping.test.php
lib/plugins/syntax.php


# 9d846ff4 04-Oct-2014 Christopher Smith <chris@jalakai.co.uk>

escaping backslash should be included in split items


# 6c8c1f46 03-Oct-2014 Christopher Smith <chris@jalakai.co.uk>

Fix for issues 877 & 885 related to a bug in PCRE 6.6


# 7e8500ee 02-Oct-2014 Gerrit Uitslag <klapinklapin@gmail.com>

PHPDocs and some improvements


# f95ecbbf 30-Jun-2014 Angus Gratton <gus@projectgus.com>

authplain: Escape ':' in any data field as '\:'

':' is the field delimiter in the authplain flat text
conf/users.auth.php file, but it's also used as an internal delimiter
for the 'mediawiki' password hash format. Currently using this hash
format corrupts the file

This change escapes ':' as '\:' in any field in the users.auth.php
file, and any '\' as '\\'.

Also adds test cases for escaping modes.
