Use a new, truly random secret for cookie encryption

Fix and add type declarations for the auth system

Add truly random numbers and use them in places where randomness matters

add html5 attributes to email fields of the config manager

add html5 'email' type to the user manager forms

Change error message shown for incorrect current password on update profile form.

The current message confusingly mentions bad 'username' when username is not involved. The
new message is the same

Change error message shown for incorrect current password on update profile form.

The current message confusingly mentions bad 'username' when username is not involved. The
new message is the same as that introduced for an incorrect current password on the self
delete profile form (FS#2751)

show more ...

add html5 attributes to update profile form

add html5 attributes to register form

unit tests for self deleting of user accounts

FS#2751 - self deletion of user account

Remove search_references() and the refshow configuration option

The refshow configuration option wasn't used as described anymore
already in the latest release and after the introduction of the medi

Remove search_references() and the refshow configuration option

The refshow configuration option wasn't used as described anymore
already in the latest release and after the introduction of the media
usage index the parameter is also no longer relevant for internal
optimization. The only place where it was still used is the no longer
used search_references()-function which is removed here, too.

show more ...

Index media file usage in the metadata index and use it in ft_mediause()

added aria attributes to tree and show/hide functions

Fix the useheading cache invalidation for hidden pages, add tests

This adds a new parameter to ft_backlinks() to ignore permissions which
is needed for invalidating the cache of linking pages with u

Fix the useheading cache invalidation for hidden pages, add tests

This adds a new parameter to ft_backlinks() to ignore permissions which
is needed for invalidating the cache of linking pages with useheading
enabled. This also adds various test cases for ft_backlinks().

show more ...

include updateVersion in CSS/JS tseed to force reload on update

removed possibility to have rtl.less files in plugins

switched to LESS variables in rest of template's css files

Fixed instructions on PHPunit

auth_en/decrypt: Add explanation and more efficient decryption

Added an explanation that what we do is like normal CBC but that we
additionally encrypt the IV which is actually suggested by the NIST

auth_en/decrypt: Add explanation and more efficient decryption

Added an explanation that what we do is like normal CBC but that we
additionally encrypt the IV which is actually suggested by the NIST for
non-random (but unique) IVs. In the decryption process it's not
necessary to decrypt the IV, this should save some time.

show more ...

auth_random: remove exception comment as there is no exception

updated intro text on wiki:dokuwiki

Simple test cases for code and file token fix

Add AES from phpseclib and use it for cookie encryption

This replaces the deprecated and broken Blowfish implementation that has
previously been used and should provide a lot more security.

Use a new, truly random secret for cookie encryption

Fix and add type declarations for the auth system