run passcrypt when user does not exist #4491

This will automatically use the configured password hashing method, thus
matching what existing users most likely have for their hash as well.

correctly escape comments in user names. fixes #4099

code style: operator spacing

coding style: control flow whitespaces

Apply rector renames

Apply rector fixes to auth plugins

AuthPlain user parsing fix. #3833

This removes workarounds we had for old PCRE versions. All modern PHP
releases should be workable with the Regex we have.

If splitting the user line results in les

AuthPlain user parsing fix. #3833

This removes workarounds we had for old PCRE versions. All modern PHP
releases should be workable with the Regex we have.

If splitting the user line results in less than 5 results, we log an
error and pad the result for further use.

show more ...

authplain: properly clean user names

The authplain module uses cleanID to clean usernames to make them valid
pagenames. However namespaces should not be used in usernames.

For that cleanUser and cl

authplain: properly clean user names

The authplain module uses cleanID to clean usernames to make them valid
pagenames. However namespaces should not be used in usernames.

For that cleanUser and cleanGroup replaced columns in given names. But
depending on the wiki configuration useslash, semicolons and slashes may
also be used as namespace separators. cleanID would replace those with
colons, reintroducing colons into the names.

The problem was reported in a forum post where spammers tried to
register http addresses as user names:

https://forum.dokuwiki.org/d/19796-spammers-with-in-their-name

Users with colons were correctly saved (the colon is escaped in the user
file) but could probably not login (unless using a slash or semicolon
instead of the colon). Since usernames are cleaned in many places in
DokuWiki, such a logged in user was probably not recognized correctly.

Because of the proper colon escaping when saving the user file, I don't
see any security issue arising from this. Eg. it was not possible to
trip up the user loading mechanism.

Note: Previously created users containing colons can not be deleted via
the user manager, because displayed usernames are cleaned again, which
will remove the colons.

show more ...

refresh user cache in plain auth on user modifying

When a user login was renamed, the user appeared twice. Once as the old
user and once as the new user.

Changes according to revisions in https://github.com/moisesbr-dw/dokuwiki/pull/2

Many minor details and use of Sort::xyz() instead of intl_xyz() in files outside the "inc" folder.

Authorization plugins

[enhancement] group sorting in authplain

fixed merge error

Merge branch 'master' into psr2

* master: (34 commits)
fix color for noninstalled extensions
show disabled extensions in gray
warn about inaccessible repo api
bugfix: access check was never

Merge branch 'master' into psr2

* master: (34 commits)
fix color for noninstalled extensions
show disabled extensions in gray
warn about inaccessible repo api
bugfix: access check was never cached
First go on a CLI component for the extension manager
use strict type comparison
translation update
translation update
fix #dokuwiki__sitetools current item not in highlight due to Greebo change
authplain: Add tests for group retrieval
authplain: Add a simple method for retrieving user groups
translation update
Negative string offsets are allowed in PHP 7.1+ only
improve memory check output
fix and test php_to_byte() related to #2756 #2556
translation update
translation update
translation update
translation update
translation update
...

show more ...

authplain: Add a simple method for retrieving user groups

PSR-2 for authplain plugin

line lengths shortened

This makes sure all files use line lenghts shorter than 120 characters.

This is a quick fix. It might not always be the nicest change.

remove DOKU_INC checks

There is no need for this check, since these files should not have any
main code that is executed on direct call.

Fixes PSR1.Files.SideEffects.FoundWithSymbols

removed wrong comment - str_getcsv isn't powerful enough

See https://github.com/splitbrain/dokuwiki/issues/1535#issuecomment-227039700

Add a protected file to the authplain config cascade

This adds the possibility to define file with protected users in the
config cascade to be used with the plain auth mechanism.

This makes it poss

Add a protected file to the authplain config cascade

This adds the possibility to define file with protected users in the
config cascade to be used with the plain auth mechanism.

This makes it possible for farms to have way to inherit Farmer users in
animals.

show more ...

Merge branch 'master' into ioreplaceinfile

Use io_replaceInFile for updating auth

Report more meaningful errors when an auth backend fails. closes #1093

Remove error supression for file_exists()

In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PH

Remove error supression for file_exists()

In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PHP 5.3 now, there's no need to supress any error here
anymore. This might even give a minor performance boost.

show more ...

Merge remote-tracking branch 'origin/master' into scrutinizerissues

Conflicts:
inc/media.php
inc/plugin.php
inc/template.php
lib/plugins/authplain/_test/escaping.test.php
lib/plugins/syntax.php

escaping backslash should be included in split items