Copy changes from ajax_lock to act_draftsave

preg_quote namespaces in auth_aclcheck

Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with st

preg_quote namespaces in auth_aclcheck

Like ids namespaces are now preg_quoted in the acl check (and therefore
the escaping of "*" has been removed). When plugins call the ACL check
function with strange ids the regex fails otherwise (in the case of the
include plugin errors like "Warning: preg_grep() [function.preg-grep]:
Compilation failed: missing terminating ] for character class at offset
47" have been reported by two users).

I've run the acl tests after this change and everything passes so this
shouldn't break anything but please test this especially with protected
wikis as this change modifies the code that handles namespace
permissions. Furthermore permissions for a namespace foobar are no
longer applied to namespaces with names like foo.ar, I hope nobody has
used that "feature".

When you are using per-user namespaces, user registration is open and
either write or read protection for these namespaces is important to
you this is a security fix for you: When someone wants to get access to
the namespace of a user "foo.bar" he can register as "fooxbar" (where
"x" is an arbitrary character) and will have access to the user
namespace of the user "foo.bar" as when a page in "foo.bar" is checked
it will match the rule for "fooxbar".

show more ...

added missing files for popularity plugin

some language improvements(?) for the popularity plugin

Add support for autosubmitting popularity data FS#2025

surpress warning in mail setup when hostname can't be determined

added auth_isMember()

This function abstracts checking a given user and her groups against a
given member list (as used in the superuser and manager options).

It is also used in auth_isManager() an

added auth_isMember()

This function abstracts checking a given user and her groups against a
given member list (as used in the superuser and manager options).

It is also used in auth_isManager() and auth_isAdmin(), unlike the
previous function, this one skips the nameencode step as it should be
unnessary here (all input is given decoded).

The test cases where extended by some non-ID user and group names.

People with non-plain auth backends should check that their
administrator and manager setups still work as expected

show more ...

fixed indent

tmp

Add missing variable declaration

Various changes to feed.php’s parameter handling

* Do not emit E_NOTICEs
* Introduce explicit feed mode default value »recent« instead of handling
every unknown feed mode as recent changes m

Various changes to feed.php’s parameter handling

* Do not emit E_NOTICEs
* Introduce explicit feed mode default value »recent« instead of handling
every unknown feed mode as recent changes mode. This means:
- FEED_MODE_UNKNOWN is only executed if the given feed mode is indeed
unknown. This is specifically not the case if no feed mode request param
has been specified or the requested feed mode is »recent«.
- FEED_MODE_UNKNOWN dies with an error as default behaviour
* opt[items] is forced to be a non-negative integer
* opt[show_minor] is forced to be a boolean and thus has a default value of
false instead of null

show more ...

tmp: disable notices in doku.php

Make baseonly work in allowedModes

This makes it possible to have modes that do accept headers
(baseonly) in the parser.

Related test cases are still running through but I'm not 100% sure
I did not

Make baseonly work in allowedModes

This makes it possible to have modes that do accept headers
(baseonly) in the parser.

Related test cases are still running through but I'm not 100% sure
I did not break something here. So it should be tested a bit more.

This patch will allow plugins to wrap multiple sections, however it
also makes it possible to easily break XHTML validity, because
headers also open and close sections, so plugin authors need to be
aware!

In case you wonder: this patch is not about allowing formatting
inside headers.

show more ...

added security warning to fullpath config option (FS#2113)

fixed newlines nesting error (introduced by 7deca91b)

made template functions more flexible

* attention: incompatible to previous version!
* introduced _tpl_action() (wrapper similar to tpl_action())
* improved discussion and user page functions
* ma

made template functions more flexible

* attention: incompatible to previous version!
* introduced _tpl_action() (wrapper similar to tpl_action())
* improved discussion and user page functions
* made them work independent from config
* added full control to how the page links are built (with placeholders @ID@ and @USER@)
* config option changes: removed 'discussNSreverse', renamed 'discussionNS' and 'userNS' to 'discussionPage' and 'userPage'

show more ...

changed font sizes of license and section edit buttons

removed text-align from body to allow automatic text-alignment

fixed formatting for combined styles (#1)

changed preview to look more like the real resulting page

fixed vertical alignment in recent changes and revisions for showuseras=email_link

renamed variable initialization in HTTPClient

fixed abbreviation FS#2108 / added RFC

DE: typo fixed

Allow spaces in numeric configuration values