test on PHP 8.1

translation update

translation update

Revert "Merge pull request #3039 from takuy/video-attributes"

This reverts commit 408d79f78505248f9ccb44bd2561cedc250ce5a1, reversing
changes made to b7c67f83bd81eff3186e4ebd2d9e86cd2c32468d.

Revert "fixed video attribute handling in php8"

This reverts commit f5cdab8ec90af0cde0c0e32209470cfa820b8ab5.

Revert "more php8 fixes for the video attributes"

This reverts commit 89e046c85b43365a46ce9f137a1b843d3ef6813b.

guard against unsert user name. fixes #3455

remove remaining X-UA-Compatible headers. fixes #3434

more php8 fixes for the video attributes

I defaulted back to null instead of an empty array.

fixed video attribute handling in php8

fix test for draft file

fix security problems in draft handling. fixes #3565

fix handling of loading auth backend

When a non existing auth backend was configured, the action router ran
into an infinie loop exception. The reason was that the denied action
required a configure

fix handling of loading auth backend

When a non existing auth backend was configured, the action router ran
into an infinie loop exception. The reason was that the denied action
required a configured auth system, but denying access should always
work.

Interestingly the problem did not occur when the auth backend signalled
a failure to load. This was because the auth backend was not properly
deinitialized. This is now done.

To aid debugging similar problems, fatal errors are now logged through
the logging mechanism in the action router

show more ...

check CSRF token in draftdel action. fixes #3563

ignore another PSR12 style check for now

authplain: properly clean user names

The authplain module uses cleanID to clean usernames to make them valid
pagenames. However namespaces should not be used in usernames.

For that cleanUser and cl

authplain: properly clean user names

The authplain module uses cleanID to clean usernames to make them valid
pagenames. However namespaces should not be used in usernames.

For that cleanUser and cleanGroup replaced columns in given names. But
depending on the wiki configuration useslash, semicolons and slashes may
also be used as namespace separators. cleanID would replace those with
colons, reintroducing colons into the names.

The problem was reported in a forum post where spammers tried to
register http addresses as user names:

https://forum.dokuwiki.org/d/19796-spammers-with-in-their-name

Users with colons were correctly saved (the colon is escaped in the user
file) but could probably not login (unless using a slash or semicolon
instead of the colon). Since usernames are cleaned in many places in
DokuWiki, such a logged in user was probably not recognized correctly.

Because of the proper colon escaping when saving the user file, I don't
see any security issue arising from this. Eg. it was not possible to
trip up the user loading mechanism.

Note: Previously created users containing colons can not be deleted via
the user manager, because displayed usernames are cleaned again, which
will remove the colons.

show more ...

Removes use of deprecated create_function() in teests. Replaces them with anonymous functions. Refs #3545

check security token on logout. fixes #3561

create SECURITY.md fixes #3558

eck CSRF token in styling plugin. fixes #3560

check CSRF token enabling/disabling extensions. fixes #3559

Update common_saveWikiText.test.php

allow 2nd to last revision check for normal save

fix undefined variable

update unittest checkChangeLogAfterNormalSave

add routine for "save on top of external edit" assertions

add dbg_deprecated()