| 25f80763 | 11-Mar-2015 |
Michael Große <grosse@cosmocode.de> |
Get total number of users in ad, needed for paging |
| 138a9500 | 03-Mar-2015 |
Andreas Gohr <gohr@cosmocode.de> |
send JavaScript with correct mimetype
While Browsers (IE of course) still fail to accept the correct
application/javascript mimetype in the type attribute of the script
element, we should serve the
send JavaScript with correct mimetype
While Browsers (IE of course) still fail to accept the correct
application/javascript mimetype in the type attribute of the script
element, we should serve the scripts with the correct Content-Type
header at least. This is especially important as the default
configuration of mod_deflate expects application/javascript and will not
compress text/javascript.
show more ...
|
| 6619ddf4 | 03-Mar-2015 |
Sascha Klopp <klopp@rrzn.uni-hannover.de> |
Two new authldap config options: 'userkey' denotes the LDAP
attribute holding the username, 'modPass' allows to disable
password changing by the user. |
| 42f3fd0a | 25-Feb-2015 |
Cyril Duchon-Doris <Cyril.Duchon-Doris@telecom-paristech.org> |
Reverting changes so as to use already existing function, and adding admin check |
| a2e737c4 | 25-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
remove additional sidebar bottom margin in phone mode |
| 6401de3d | 24-Feb-2015 |
Schplurtz le Déboulonné <schplurtz@laposte.net> |
translation update |
| 9cbf80e6 | 24-Feb-2015 |
Andreas Gohr <andi@splitbrain.org> |
check permissions in ACL plugin's RPC API component. #1056
Security Fix
Severity: Medium
Type: Remote Priviledge Escalation
Remote: yes
Vulnerability Details:
This fixes a security hole in
check permissions in ACL plugin's RPC API component. #1056
Security Fix
Severity: Medium
Type: Remote Priviledge Escalation
Remote: yes
Vulnerability Details:
This fixes a security hole in the ACL plugins remote API component. The
plugin failed to check for superuser permissions before executing ACL
addition or deletion. This means everybody with permissions to call the
XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules.
Risk Assessment:
The XMLRPC API in DokuWiki is marked experimental and off by default. It
also implements an additional safeguard by giving access to a configured
circle of users and groups only. So only a minor number of DokuWiki
installations will be affected at all.
For affected installations the risk is high if users with access to the
API are not to be trusted.
Thus the overall severity of medium.
Resolution:
Installations applying this commit are safe. A hotfix is about to be
released. Meanwhile users are advised to disable the XMLRPC API in the
config manager.
show more ...
|
| 1fa1d6bc | 24-Feb-2015 |
Cyril Duchon-Doris <Cyril.Duchon-Doris@telecom-paristech.org> |
Fixing bugs found by scrutinizer |
| 6d2588b6 | 24-Feb-2015 |
Cyril Duchon-Doris <Cyril.Duchon-Doris@telecom-paristech.org> |
Adding listAcls to the XMLRPC API as suggested in Issue #1054 |
| 757f6dda | 24-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
simple fix for pageID clash with sidebar in mobile view
Since the pageid is no longer positioned absolute it clashed with the
sidebar since #1027. this introduces a very simplisitc fix. |
| 30c46635 | 24-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
fixed the margin for the sidebar |
| 15a61525 | 24-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
add bottom margin to tables in print. fixes #1052 |
| c2a2396e | 13-Feb-2015 |
Álvaro Iradier <airadier@gmail.com> |
translation update |
| 2a3c155c | 12-Feb-2015 |
Tim222 <tim.weinhold@gmail.com> |
Added icon for interwiki.conf
Support for the URI scheme tel: #643 |
| cbb4a681 | 12-Feb-2015 |
lainme <lainme993@gmail.com> |
translation update |
| eba389bb | 09-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
avoid messages pushing down page tools. fixes #1011
This moves the message area into content div. The pageid is now aligned
by floating instead of absolute positioning. |
| d75d76b2 | 09-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
fix referral settings in AuthLDAP. closes #1023 |
| 4c32d8dc | 09-Feb-2015 |
Andreas Gohr <gohr@cosmocode.de> |
fixed method signature #1024 |
| ea0c1427 | 05-Feb-2015 |
Christoph Dwertmann <cdwertmann@gmail.com> |
Add ob_flush() to sendGIF
I'm running this dokuwiki docker container: https://registry.hub.docker.com/u/mprasil/dokuwiki/
It uses lighttpd and fastcgi. For some reason, the ignore_user_abort() fe
Add ob_flush() to sendGIF
I'm running this dokuwiki docker container: https://registry.hub.docker.com/u/mprasil/dokuwiki/
It uses lighttpd and fastcgi. For some reason, the ignore_user_abort() feature where the browser should close the connection after the GIF has been received is not working on lighty. The browser keeps loading the page until the indexer run is complete, which leads to extremely slow load times with a larger page index.
Adding ob_flush() to sendGIF fixes the issue.
show more ...
|
| c85cbe69 | 28-Jan-2015 |
Davor Turkalj <turki.bsc@gmail.com> |
translation update |
| 9b505d59 | 25-Jan-2015 |
Aleksandr Selivanov <alexgearbox@yandex.ru> |
translation update |
| 208f4580 | 15-Jan-2015 |
Andreas Gohr <gohr@cosmocode.de> |
fixed wrong config check in extension manager #1006 |
| 5af3d1cd | 14-Jan-2015 |
KeenRivals <KeenRivals@users.noreply.github.com> |
Losslessly reduced PNG images with optipng -o7 -strip all, advdef -z4 -i60, and advpng -z4 -i60. |
| 7f253bcd | 12-Jan-2015 |
Rainbow Spike <Dr-Yukon@users.noreply.github.com> |
Update css.php
1 little fix |
| 276820f7 | 10-Jan-2015 |
Scrutinizer Auto-Fixer <auto-fixer@scrutinizer-ci.com> |
Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com |