History log of /dokuwiki/lib/plugins/popularity/admin.php (Results 1 – 25 of 26)
Revision Date Author Comments
# aabc4782 06-Jun-2026 Andreas Gohr <andi@splitbrain.org>

(security) Add CSRF protection and use Form class in popularity plugin

The plugin is accessible to managers, not just admins, and had two
separate issues.

1. Missing CSRF token (low severity)
The handler accepted the posted data and toggled autosubmit without
checking a security token. A cross-site forged POST against a logged-in
manager could enable autosubmit and trigger a submission of the wiki's
data to the popularity server.
2. Reflected XSS (low severity)
When a submission failed, the posted data was reflected back into a
readonly textarea without escaping. A value closing the textarea early
(eg. </textarea><script>...) could inject script into the manager's
browser.
To exploit this, not only a CSRF attack against an authenticated
manager was needed, also the connection to the DokuWiki popularity
server needed to fail.

The popularity plugin now verifies the security token before it sends
data or toggles the autosubmit option.

The form is now built via the Form API so the textarea value is
escaped automatically. The security token is emitted automatically.
The fallback browser-submission form posts to an external server and is
built without the security token.


# d4f83172 31-Aug-2023 Andreas Gohr <andi@splitbrain.org>

code style: line breaks


# 90fb952c 31-Aug-2023 Andreas Gohr <andi@splitbrain.org>

code style: operator spacing


# 8553d24d 30-Aug-2023 Andreas Gohr <andi@splitbrain.org>

Apply rector renames


# 54cc7aa4 30-Aug-2023 Andreas Gohr <andi@splitbrain.org>

Apply rector fixes to the rest of lib/plugin


# 29fc53cf 08-May-2018 Andreas Gohr <andi@splitbrain.org>

PSR-2 for popularity plugin


# 3dc2d50c 27-Apr-2018 Andreas Gohr <andi@splitbrain.org>

visibility declarations in plugins


# b4f2363a 27-Apr-2018 Andreas Gohr <andi@splitbrain.org>

remove DOKU_INC checks

There is no need for this check, since these files should not have any
main code that is executed on direct call.

Fixes PSR1.Files.SideEffects.FoundWithSymbols


# ae614416 12-Jul-2015 Anika Henke <anika@selfthinker.org>

changed all input type=submit buttons to button type=submit button for better stylability


# 26e22ab8 15-May-2015 Christopher Smith <chris@jalakai.co.uk>

Changes for PHP 7 Compatibility
- replace PHP4 style class constructor function names (based on
class name) with php 5 __construct()
Also remove some '&' reference operators used with objects
And add some object type hints


# 79e79377 07-Jan-2015 Andreas Gohr <gohr@cosmocode.de>

Remove error suppression for file_exists()

In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PHP 5.3 now, there's no need to suppress any error here
anymore. This might even give a minor performance boost.


# f119fb20 14-Oct-2013 Gerrit Uitslag <klapinklapin@gmail.com>

get version popularity plugin direct from plugin info


# a1f2b5a3 19-Sep-2013 Gerrit Uitslag <klapinklapin@gmail.com>

Fixed gathering of version of popularity plugin


# 38479cbb 29-Nov-2012 Dominik Eckelmann <deckelmann@gmail.com>

some coding style improvements

- removed some dead/unused code
- fixed phpdoc
- added typing on methods


# f21e024a 08-Sep-2012 Hakan Sandell <sandell.hakan@gmail.com>

Replacing $_REQUEST variables with $INPUT wrapper, popularity plugin


# 24d49498 05-Aug-2012 Anika Henke <anika@selfthinker.org>

added some missing spaces (to popularity and revert plugins)


# a375d5e5 28-May-2011 Guillaume Turri <guillaume.turri@gmail.com>

Fix display in popularity plugin


# 6cd259d7 16-Apr-2011 Anika Henke <anika@selfthinker.org>

closed hidden input in popularity plugin


# 5827ba0b 18-Dec-2010 Guillaume Turri <guillaume.turri@gmail.com>

Popularity plugin displays the last time the data was sent


# 98be6429 09-Dec-2010 Guillaume Turri <guillaume.turri@gmail.com>

Add support for autosubmitting popularity data FS#2025


# da50466b 17-Sep-2010 Andreas Gohr <andi@splitbrain.org>

gather namespace stats in popularity plugin


# c2a6d816 01-Feb-2010 Andreas Gohr <andi@splitbrain.org>

plugin related autoloading

This patch moved the place where DOKU_PLUGIN is defined. It no longer
can be set from a normal config (only via preload)


# f46c9e83 15-Aug-2008 Anika Henke <anika@selfthinker.org>

fixed all remaining links to wiki.splitbrain.org and to restructured pages

darcs-hash:20080815134211-f7d6d-61f4f4fa1c5f62832d7cc5ad3e3a7a78460d2981.gz


# 1bda8618 20-Mar-2008 Andreas Gohr <andi@splitbrain.org>

Make popularity plugin available for managers

darcs-hash:20080320233725-7ad00-2d94f86b9d1b87846409ee286b39fdc16f987eaa.gz


# 0deaa5d8 20-Feb-2008 Andreas Gohr <andi@splitbrain.org>

popularity plugin: record PCRE infos

darcs-hash:20080220213222-7ad00-b573be21ba534bbd1a2d0616112d0d622338eaf8.gz

