Fix PHP 7.3 deprecations in lib/ directory.

clarified trustedproxy - empty = trust no proxy

translation update

Update de, de-informal

sort plugins in plugin_list()

Revert "eliminate access to global $plugin_controller"

This reverts commit 2b1bb8ffafe5d72c35b81659b1d96b8dc19f0de3.

Revert "sort plugins in Config Manager"

This reverts commit d2a8ea656a16abfd37fe4ffb58d1cf7e4ddf2e15.

translation update

clarified trustedproxy setting

eliminate access to global $plugin_controller

sort plugins in Config Manager

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is

clientIP: add trustedproxy, return first untrusted IP instead of the last one

This fixes #2828, where malicious clients passed in customized HTTP header to keep its IP address off records.

This is inspired by Sympony's Request::setTrustedProxies, but I don't want to implement everything including IP CIDR matching (IPv4 + IPv6), so I decided to reuse the local IP checker in place powered by regexp. Now admins can customize this "local" (trusted) proxy list using $conf['trustedproxy'], and by default it will allow any local IPs.

If in the future there is a need to implement array-based CIDR matching, $conf['trustedproxies'] can be used for the new config name.

show more ...

css_compress: quote placeholder to simply quote protection

There are two ways of doing this:

1. "doku" > STR1 > "doku"
2. "doku" > "1" > "doku"

#1 is what I did before. I did replace STRN with a n

css_compress: quote placeholder to simply quote protection

There are two ways of doing this:

1. "doku" > STR1 > "doku"
2. "doku" > "1" > "doku"

#1 is what I did before. I did replace STRN with a new placeholder in the previous implementation so that there is no conflict. However #2 is more elegant, so this commit implements it.

Test is updated to address splitbrain's concern about placeholder string in the original text.

show more ...

css_compress: use placeholder to keep quoted strings, fixes #2517

The idea mainly comes from https://github.com/matthiasmullie/minify/blob/97f118c4c745c7c8e47207f2daf3bab13ca65404/src/Minify.php#L343

ACL Plugin: make item formatter public again

The formatter needs to be public to be called from html_buildlist()

Do config backups with .php extension fixes #2446

translation update

translation update

translation update

Check for null JS object on form field.

translation update

Rename _acl_add to _acl_addOrUpdate

because that's what this method actually does now

Fix #1115

without this patch calling _acl_add may result in a corrupted acl.auth.php file.
This is the case when we're adding a config for a user and a scope with an
existing config.

The fix is jus

Fix #1115

without this patch calling _acl_add may result in a corrupted acl.auth.php file.
This is the case when we're adding a config for a user and a scope with an
existing config.

The fix is just to call the _acl_del method before perming the addition.

Note that this _acl_add method is currently called from two places:
- from admin_plugin_acl.handle() which was explicitely calling _acl_del before
- from remote_plugin_acl.addAcl, which can actually result in a corrupted file

show more ...

translation update

translation update