replace LESS compiler with lesserphp

This is a better maintained fork of lessphp. It seems to be fully
compatible, so this is more or less a drop in replacement.

removed deprecated blowfish class

replace some var keywords

This should fix some tests on PHP 7.1. The work is far from done, we
still have a lot of variables without proper accessibility defined.

translation update

PassHash.class.php: in case of brcrypt, use the most recent variant $2y$

This change breaks compatibility with php 5.3.7, but a standing
requirement for at least php 5.6 is declared in composer.json

PassHash.class.php: in case of brcrypt, use the most recent variant $2y$

This change breaks compatibility with php 5.3.7, but a standing
requirement for at least php 5.6 is declared in composer.json.

If the php documentation is to be believed, this change increases
security against pass-the-hash type attacks. (I do not have the knowledge
to assess the security differences between $2a$ and $2y$).

As a Sidenote: htpasswd shipped with apache2 2.4.10 (and probably,
other versions), when used with the -B (=bcrypt) option, produces hashes
marked with $2y$.

Nonewithstanding the actual support or non-support of $2a$ by the
apache2 'AuthUserFile' directive, the apache 2.4 documentation only
asserts support for the $2y$ bcrypt variant.
Therefore, this commit would make it possible for dokuwiki and apache2
basic authentication to share the same password file, in the case when
bcrypt is used.

show more ...

translation update

Fix Typo in remote API (#1938)

* Updated remote.php

Updated remote.php for retrieving all the acl details.

* Updated remote.php

By mistake changed in addAcl instead of listAcls.

translation update

translation update

translation update

use 403 response on bad logins. closes #1937

removed unneeded check

the $from != $to check is handled further up already and throws an
exception.

draft action now checks that a draft exists

fixed small typo

no longer rely on actionOk when checking if actions are disabled

loadAction() and checkAction() are now public and could be used within
actionOK(). However some weird circular references prevent tha

no longer rely on actionOk when checking if actions are disabled

loadAction() and checkAction() are now public and could be used within
actionOK(). However some weird circular references prevent that. In
addition, actionOK is also used to check for things that aren't Actions
(yet) like 'rss' and 'top'.

show more ...

explicitly declare method visibility

allow actions to be initialized without an action name

also fixes the tests

added missing backlink action

fixed Diff action

added missing Revisions action

make use of sub action for Profile deletion

fixed export action by supporting underscores in actions

Now underscores can be used to have sub actions. The loader will try to
find an exact match first, then begin removing parts from the end unt

fixed export action by supporting underscores in actions

Now underscores can be used to have sub actions. The loader will try to
find an exact match first, then begin removing parts from the end until
a matching action is found.

show more ...

make use of the ActionRouter (temporary solution)

This is just a quick and dirty hack to try and see if the router
actually behaves as it should. I renamed the old methods to XXX_* and
implemented n

make use of the ActionRouter (temporary solution)

This is just a quick and dirty hack to try and see if the router
actually behaves as it should. I renamed the old methods to XXX_* and
implemented new ones calling the router. This has to be cleaned up
later.

show more ...

fix singleton pattern in ActionRouter

do not blindly assume classes in our own namespace exist