| #
fa03edf3 |
| 06-Jun-2026 |
Andreas Gohr <andi@splitbrain.org> |
(security) Enforce per-page edit permission in the revert plugin
The revert manager is accessible to managers, not just admins. Its reversion loop called saveWikiText() for every submitted page id without checking the per-page ACL, relying only on the manager role. A manager denied edit on a namespace could therefore revert those pages to an older revision or blank them entirely (low severity).
The page listing already hid unreadable pages, but offered every readable page for reversion, including ones the manager could not edit. A hand-crafted POST could also target arbitrary ids regardless of what the listing showed.
Each id is now cleaned and checked for edit permission before it is reverted; ids that fail the check are silently skipped. The listing additionally only offers pages the manager actually has edit permission on, so the form and the action agree.
|
| #
093fe67e |
| 07-Mar-2026 |
Andreas Gohr <andi@splitbrain.org> |
updated rector and applied it
|
| #
e44b94a4 |
| 08-Sep-2024 |
Andreas Gohr <andi@splitbrain.org> |
Revert "use a dispatcher to access static image files"
This reverts commit 944e9ba7254387adb60f253b0d8796f2276096b1.
It was accidentally pushed to master before review. A PR with a revert for the revert will be pushed shortly.
|
| #
944e9ba7 |
| 08-Sep-2024 |
Andreas Gohr <andi@splitbrain.org> |
use a dispatcher to access static image files
This makes it possible to replace default images in an update safe way. It also addresses the issue raised in dokuwiki/docker#16
A .htaccess rewrite catches any direct accesses that might come in from plugins.
|
| #
90fb952c |
| 31-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
code style: operator spacing
|
| #
8553d24d |
| 30-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
Apply rector renames
|
| #
54cc7aa4 |
| 30-Aug-2023 |
Andreas Gohr <andi@splitbrain.org> |
Apply rector fixes to the rest of lib/plugin
|
| #
0c3a5702 |
| 15-Jun-2018 |
Andreas Gohr <andi@splitbrain.org> |
split changelog classes into their own namespace
The remaining functions in inc/changelog.php should be moved into a utility class.
|
| #
2a7fef40 |
| 11-May-2018 |
Andreas Gohr <andi@splitbrain.org> |
PSR-2 for revert plugin
|
| #
3dc2d50c |
| 27-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
visibility declarations in plugins
|
| #
64159a61 |
| 27-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
line lengths shortened
This makes sure all files use line lengths shorter than 120 characters.
This is a quick fix. It might not always be the nicest change.
|
| #
b4f2363a |
| 27-Apr-2018 |
Andreas Gohr <andi@splitbrain.org> |
remove DOKU_INC checks
There is no need for this check, since these files should not have any main code that is executed on direct call.
Fixes PSR1.Files.SideEffects.FoundWithSymbols
|
| #
ae614416 |
| 12-Jul-2015 |
Anika Henke <anika@selfthinker.org> |
changed all input type=submit buttons to button type=submit button for better stylability
|
| #
1f3b9c45 |
| 16-May-2015 |
Christopher Smith <chris@jalakai.co.uk> |
php7 compatibility: change revert plugin constructor to __construct
|
| #
047bad06 |
| 21-Nov-2013 |
Gerrit Uitslag <klapinklapin@gmail.com> |
refactor PageRevisionLog into Media- and PageChangelog extending Changelog
|
| #
f523c971 |
| 20-Nov-2013 |
Gerrit Uitslag <klapinklapin@gmail.com> |
update function calls to changelog functions
|
| #
2f7a0e94 |
| 11-Sep-2013 |
Matt Perry <matt@mattperry.com> |
Fix CodeSniffer whitespace violations
Removed extraneous whitespace to eliminate errors reported by the Squiz.WhiteSpace.SuperfluousWhitespace sniff.
|
| #
0ea51e63 |
| 23-Aug-2013 |
Matt Perry <matt@mattperry.com> |
Fix CodeSniffer violations for PHP files
Fix violations for Generic.PHP.LowerCaseConstant.Found
|
| #
dc235f96 |
| 02-Aug-2013 |
Matthias Schulte <post@lupo49.de> |
Re-enable displaying the date in the revert manager (Fixes FS#2073)
|
| #
19ff1b0b |
| 09-Mar-2013 |
Anika Henke <anika@selfthinker.org> |
fixed use of removed plugin function in revert plugin (FS#2744)
|
| #
00d58927 |
| 20-Feb-2013 |
Michael Hamann <michael@content-space.de> |
Fix remaining missing $INPUT uses FS#2577
This adds $INPUT in all places where it was still missing and available. $INPUT is now also used in places where using $_REQUEST/... was okay in order to make the code consistent.
|
| #
38479cbb |
| 29-Nov-2012 |
Dominik Eckelmann <deckelmann@gmail.com> |
some coding style improvements
- removed some dead/unused code
- fixed phpdoc
- added typing on methods
|
| #
24d49498 |
| 05-Aug-2012 |
Anika Henke <anika@selfthinker.org> |
added some missing spaces (to popularity and revert plugins)
|
| #
e260f93b |
| 05-Jul-2012 |
Anika Henke <anika@selfthinker.org> |
xml compatibility fixes (mainly entities to unicode conversions)
|
| #
b838050e |
| 20-Aug-2011 |
Piyush Mishra <me@piyushmishra.com> |
added new plugins config cascade and added plugin.info.txt
|