Update SECURITY.md - huntr is dead

�� Rector and PHPCS fixes

ignore codesniffer on override method

Replace strftime with Intl ICU. Fixes #3573

This uses a class that maps strftime placeholders to the appropriate ICU
patterns. I am using the fallback-intl branch here which provides an
English-only

Replace strftime with Intl ICU. Fixes #3573

This uses a class that maps strftime placeholders to the appropriate ICU
patterns. I am using the fallback-intl branch here which provides an
English-only fallback when the intl extension is not available.

Core has only two places where strftime is used: dformat() and the
SimplePie feed parser. Both are adjusted with this patch. For the latter
a custom Item class had to be registered. For better separation all our
FeedParser classes have been moved to the Feed namespace where our
FeedCreator classes already reside.

Note that this will currently be a degration for users without intl as
it will fall back to date and not to the still available strftime.

show more ...

updated composer depedencies

LinkWizard: fix multilevel parents in references

use relative links in LinkWizard

When the linked page has a common prefix with the current page,
construct a relative link instead of always inserting absolute links.

LinkWizard: add method to create a relative link

This is not used, yet. Usage will be added in a future commit.

Since we don't have a proper testing framework in place, yet. Tests have
been added a

LinkWizard: add method to create a relative link

This is not used, yet. Usage will be added in a future commit.

Since we don't have a proper testing framework in place, yet. Tests have
been added as a standalone script that can be run manually.

show more ...

doc blocks in link wizard

Linkwizard: use strict comparisons

LinkWizard: don't use the deprecated keycode property anymore

turn link wizard into a class

Basic modernisation of the link wizard to more modern JavaScript.

translation update

translation update

Check security token for media restore. fix #4323

The whole media management is a mess, but this should fix the issue for
now.

I think the severity is low since, this will only restore previously
u

Check security token for media restore. fix #4323

The whole media management is a mess, but this should fix the issue for
now.

I think the severity is low since, this will only restore previously
uploaded media files, so permissions need to be high enogh for upload
anyway.

show more ...

Revert "use a dispatcher to access static image files"

This reverts commit 944e9ba7254387adb60f253b0d8796f2276096b1.

It was accidentally pused to master before review. A PR with a revert
for the re

Revert "use a dispatcher to access static image files"

This reverts commit 944e9ba7254387adb60f253b0d8796f2276096b1.

It was accidentally pused to master before review. A PR with a revert
for the revert will be pushed shortly.

show more ...

use a dispatcher to access static image files

This makes it possible to replace default images in an update safe way.
It also addresses the issue raised in dokuwiki/docker#16

A .htaccess rewrite ca

use a dispatcher to access static image files

This makes it possible to replace default images in an update safe way.
It also addresses the issue raised in dokuwiki/docker#16

A .htaccess rewrite catches any direct accesses that might come in from
plugins.

show more ...

make sure stderr is defined in logger

STDERR is only defined when PHP is called from the command line.

In the docker health check we set DOKU_UNITTEST to make sure that errors
trigger exceptions in

make sure stderr is defined in logger

STDERR is only defined when PHP is called from the command line.

In the docker health check we set DOKU_UNITTEST to make sure that errors
trigger exceptions instead being logged only. However when the error
then is also written to STDERR it fails.

This patch makes sure the data is written to PHP's STDERR stream handler
instead.

Should fix dokuwiki/docker#15

show more ...

translation update

Support a URI parameter for ldap since current code doesn't actually work

Use the reflection method

Forgot to lowercase the result

Update AbstractAction.php

PHP 8 makes this method faster that the previous SubstringStrChr method mentioned in https://stackoverflow.com/a/27457689

alternative token header support

The Authorization header is not always passed on to PHP, depending on
the setup (See https://stackoverflow.com/q/34472303 for examples and
workarounds).

This patch

alternative token header support

The Authorization header is not always passed on to PHP, depending on
the setup (See https://stackoverflow.com/q/34472303 for examples and
workarounds).

This patch adds support for an alternative X-DokuWiki-Token header that
can be used when using token authentication and the standard
Authorization header can not be used.

show more ...

Fix stored XSS vulnerability via do=export_metadata #4305

This prevents metadata export in general and also ensures the the
temporary $doc property in the metadata renderer is cleared in
document_end