fix version for master

translation update

opening up CSP headers for fetch.php resources

This drops the sandbox attribute as discussed in #3710 to re-enable
inline display of PDFs in Safari again.

Dropping the sandbox attribute should also

opening up CSP headers for fetch.php resources

This drops the sandbox attribute as discussed in #3710 to re-enable
inline display of PDFs in Safari again.

Dropping the sandbox attribute should also help with using navigational
links within SVG files as discussed in
https://forum.dokuwiki.org/d/20420-how-to-embed-svg-with-links-the-proper-way

It also allows the loading of fonts from within SVG files. This
currently does not allow font loading from google fonts as asked for
in #3709 though. I'm not sure if we should favor any font provider here.

show more ...

SECURITY fix difftype handling. #3761

Fix clientIP() returning the wrong address

security info: use the new profile at huntr.dev

Add Message-ID to all mails

RFC 5322 specifies that all mails SHOULD have a Message-ID field. While
originating SMTP servers MAY (as per RFC 5321) add a missing Message-ID,
this behavior is not mand

Add Message-ID to all mails

RFC 5322 specifies that all mails SHOULD have a Message-ID field. While
originating SMTP servers MAY (as per RFC 5321) add a missing Message-ID,
this behavior is not mandatory.
Multiple mail providers, e.g. Gmail, reject mails without a Message-ID
field, rendering their users unable to receive mails from a Dokuwiki
instance using a standard-conforming mail server.

This commit simply adds a random Message-ID to a mail's headers during
Mailer class initialization. With the current behavior of setHeader(),
overwriting that header happens without additional changes, should
another Message-ID be necessary, warranted or desired.

show more ...

fix warnings in feed.php. #3728

translation update

use $INPUT to access authentication environment #3750

This should fix warnings about missing data.

introduce sexplode() as a PHP8 safe explode()

We often have constructs like

list($foo, $bar) = explode(',', $input, 2);

In PHP8+ this will throw warnings when the explode returns fewer than 2
elem

introduce sexplode() as a PHP8 safe explode()

We often have constructs like

list($foo, $bar) = explode(',', $input, 2);

In PHP8+ this will throw warnings when the explode returns fewer than 2
elements. Our code usually (always?) will anticipate missing elements so
the construct isn't really problematic.

The implementation here wraps the solution suggested at
https://stackoverflow.com/a/56971347 into a new utility function.

I anticipate that people might object to the function name. It was
chosen as a short form of "safe explode". This makes fixing the warning
easy by simply adding a single letter. I also find it slightly amusing
and would be open to change it to just sex() just for the fun of it.

show more ...

avoid warning for new subscribers

When a subscriber never received an email no last sent timestamp is set.
PHP8 threw a warning on a missing array key, there.

fix warning when no headline id is provided in section editor

When plugins implement their own section editor, usually no hid parameter
will be set, triggering a warning in PHP 8.

fixes #114

avoid php8 warnings in authad. fixes #3746

fix codestyle

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audi

Remove Accept-Encoding from auth_browseruid()

Browsers do not send the same Accept-Encoding header for all requests, so using
it as part of auth_browseruid() can break things. For example, the audio
CAPTCHA in the official CAPTCHA plugin stopped matching its corresponding
image. Details here:

https://github.com/splitbrain/dokuwiki-plugin-captcha/issues/115#issuecomment-1215007408

show more ...

replace deprecated method calls

another go at #3717

c0ece86a0ac0cfab0856b056fb3ce8e726855542 was wrong too, because most
deprecation logs drop the callee

output log messages to STDERR during unit testig

This is especially helpful to notice deprecation messages

Another fix for #3717

The deprecation mechanism did actually log the wrong file (callee
instead of caller). This was fixed and the message adjusted again.

A guardian for very short backtraces and l

Another fix for #3717

The deprecation mechanism did actually log the wrong file (callee
instead of caller). This was fixed and the message adjusted again.

A guardian for very short backtraces and large offsets was added

show more ...

log deprecation messages independent from allowdebug

Only the logging configuration should influnece if deprecation messages
are to be logged. By default they should be logged.

better deprecation message for require. fixes #3717

replace deprecated call to dbglog. fixes #3726

use self hosted msglint api. fixes #3736

declare visibility o new method (codestyle fix)