translation update

Remove unnecessary X-UA-Compatible header

Nowadays there is no need to specify such X-UA-Compatible header for these reasons:

1. "chrome=1" refers to the Chrome Frame, which has been retired in 2

Remove unnecessary X-UA-Compatible header

Nowadays there is no need to specify such X-UA-Compatible header for these reasons:

1. "chrome=1" refers to the Chrome Frame, which has been retired in 2014 and is not used nor supported any more. See https://blog.chromium.org/2013/06/retiring-chrome-frame.html. Specifying "chrome=1" causes the only error when validating DokuWiki through W3 validator (although this is a HTTP header).

2. "IE=edge" is the default document mode starting with IE 11 (and in Edge, of course). Therefore specifying document mode to EdgeHTML is obsolete. Moreover, starting with Windows 10 (2015/2016), document modes are deprecated. See https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/compatibility/dn384051(v=vs.85).

show more ...

translation update

translation update

translation update

Update lang.php

translation update

translation update

Final project-wide check of curly brace deprecations.

Fix PHP 7.3 deprecations in lib/ directory.

clarified trustedproxy - empty = trust no proxy

translation update

Update de, de-informal

sort plugins in plugin_list()

Revert "eliminate access to global $plugin_controller"

This reverts commit 2b1bb8ffafe5d72c35b81659b1d96b8dc19f0de3.

Revert "sort plugins in Config Manager"

This reverts commit d2a8ea656a16abfd37fe4ffb58d1cf7e4ddf2e15.

translation update

clarified trustedproxy setting

eliminate access to global $plugin_controller

sort plugins in Config Manager

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is inspired by Sympony's Request::setTrustedProxies, but I don't want to implement everything including IP CIDR matching (IPv4 + IPv6), so I decided to reuse the local IP checker in place powered by regexp. Now admins can customize this "local" (trusted) proxy list using $conf['trustedproxy'], and by default it will allow any local IPs.

If in the future there is a need to implement array-based CIDR matching, $conf['trustedproxies'] can be used for the new config name.

show more ...

css_compress: quote placeholder to simply quote protection

There are two ways of doing this:

1. "doku" > STR1 > "doku"
2. "doku" > "1" > "doku"

#1 is what I did before. I did replace STRN with a n

css_compress: quote placeholder to simply quote protection

There are two ways of doing this:

1. "doku" > STR1 > "doku"
2. "doku" > "1" > "doku"

#1 is what I did before. I did replace STRN with a new placeholder in the previous implementation so that there is no conflict. However #2 is more elegant, so this commit implements it.

Test is updated to address splitbrain's concern about placeholder string in the original text.

show more ...

css_compress: use placeholder to keep quoted strings, fixes #2517

The idea mainly comes from https://github.com/matthiasmullie/minify/blob/97f118c4c745c7c8e47207f2daf3bab13ca65404/src/Minify.php#L343

ACL Plugin: make item formatter public again

The formatter needs to be public to be called from html_buildlist()

Do config backups with .php extension fixes #2446