| f2ea8432 | 08-Sep-2007 |
Andreas Gohr <andi@splitbrain.org> |
CSRF SecurityToken added to the media manager
darcs-hash:20070908143307-7ad00-50730dd67239a2faaced2dfa0dee8de7c1db05e6.gz |
| aea87c78 | 08-Sep-2007 |
Andreas Gohr <andi@splitbrain.org> |
Small fix for CSRF check in config and ACL plugins
darcs-hash:20070908142300-7ad00-ecb0aa5d77f6451b33988e6008e0297bd4425948.gz |
| 32b1888b | 06-Sep-2007 |
Andreas Gohr <andi@splitbrain.org> |
Use Content-Length in HTTP client
If a Server supplies a Content-Length header we stop reading when the specified
number of bytes was read. This fixes problems with Servers not closing the
connectio
Use Content-Length in HTTP client
If a Server supplies a Content-Length header we stop reading when the specified
number of bytes was read. This fixes problems with Servers not closing the
connection after sending the body.
darcs-hash:20070906194435-7ad00-cfb9b77ee085d28f5a643e45750b0a7be8ad7bd7.gz
show more ...
|
| cc670e1b | 04-Sep-2007 |
Michael Klier <chi@chimeric.de> |
send security token on login/logout
darcs-hash:20070904185355-23886-e5cbed2357a2697a593409ed0a31f044423db2e1.gz |
| 98a80b95 | 06-Sep-2007 |
Andreas Gohr <andi@splitbrain.org> |
Esperanto update
darcs-hash:20070906183038-7ad00-7bfdf2858d146a17fbe5824773ae5d9c985e0e28.gz |
| 125b6d11 | 06-Sep-2007 |
Michael Klier <chi@chimeric.de> |
respect DOKU_BASE in CSS cache file name
darcs-hash:20070906125503-23886-5b5d7f1fb90eaa25e0ce08469a541cb2a760de1b.gz |
| 1b2a85e8 | 30-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
Part 2 of the SecurityToken patch to avaoid CSRF attacks
This patch adds a security token to all forms generated through the new
form class. However it is only checked for possible dangerous actions
Part 2 of the SecurityToken patch to avaoid CSRF attacks
This patch adds a security token to all forms generated through the new
form class. However it is only checked for possible dangerous actions like
editing or profile changes.
darcs-hash:20070830191429-7ad00-445efea47a09a4823dfe9e3434ba5b355a80daf6.gz
show more ...
|
| 634d7150 | 29-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
CSRF prevention for admin plugins
This patch adds a session based token to all form in the default action plugins.
The validity of the token is checked before any administrative function is
executed
CSRF prevention for admin plugins
This patch adds a session based token to all form in the default action plugins.
The validity of the token is checked before any administrative function is
executed aiming to protect DokuWiki's admin functions from Cross-site request
forgery (CSRF) attacks.
Another patch will follow to add the same functionality on other, less critical
functions.
More details on CSRF attacks can be found at
http://en.wikipedia.org/wiki/Cross-site_request_forgery
darcs-hash:20070829201538-7ad00-d0770224a3351fd8e38968e3a9d8e73520482445.gz
show more ...
|
| 0e1a261e | 28-Aug-2007 |
Michael Klier <chi@chimeric.de> |
moved lockfile check out of search() to callback functions
darcs-hash:20070828194406-23886-832f4a1222633b686cd8895eba00f1c895c5a992.gz |
| 1687f569 | 26-Aug-2007 |
Guy Brand <gb@isis.u-strasbg.fr> |
Revert plugin die if DOKU_INC undefined
darcs-hash:20070826201745-19e2d-10ac45260b4ab288ffa91c4828b82bb61ebfa625.gz |
| b7641d9e | 26-Aug-2007 |
Gabriel Birke <Gabriel.Birke@delti.com> |
Arbitrary Button types in JS toolbar
This is my patch for creating toolbar buttons with arbitrary button types,
tested with Firefox, Opera and IE7. If you want to create a new type of
button, you mu
Arbitrary Button types in JS toolbar
This is my patch for creating toolbar buttons with arbitrary button types,
tested with Firefox, Opera and IE7. If you want to create a new type of
button, you must have a function in the script.js file of your plugin. The
function name must begin with "addBtnAction", followed by the type name, for
example for the type "myType" the function must be called
"addBtnActionMyType" (bear in mind that the first char of the type must be
uppercased in the function name).
The function has four parameters:
"btn" is the HTML element for the button where you attach the onclick
handler
"props" is an associative array of the array properties that come from the
toolbar array that was created by toolbar.php
"edid" (optional) is the id of the editor textarea
"id" (optional) is a "unique" number for each button: the index variable of
the for loop where the buttons get created.
darcs-hash:20070826192206-79ce3-1fe6f49c1eb5d0c10adbadc43f7b2ee1aec1853e.gz
show more ...
|
| c818ebe6 | 21-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
removed unused file from french translation
darcs-hash:20070821174710-7ad00-a9e4ff4f23c99c0634f8dcc4f4c11d517efa827f.gz
|
| 70260ca4 | 21-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
german update
darcs-hash:20070821174336-7ad00-f17ae332851fb010f6cfc6e09e0a2f958b809a92.gz |
| 0770c0e5 | 21-Aug-2007 |
Chris Smith <chris@jalakai.co.uk> |
alter p_get_first_heading() default $render value to true
Calls to p_get_first_heading() are most likely to expect to get the first heading even if it needs to be
generated, that is a $render value
alter p_get_first_heading() default $render value to true
Calls to p_get_first_heading() are most likely to expect to get the first heading even if it needs to be
generated, that is a $render value of true. Only the metadata renderer itself needs a value of false in
order to prevent mutual dependency probelms.
This fix should finally complete FS#1010 & problems breadcrumbs have with use_first_headings when metadata
doesn't exist. Also see, http://www.freelists.org/archives/dokuwiki/08-2007/msg00018.html &
http://www.freelists.org/archives/dokuwiki/08-2007/msg00132.html
darcs-hash:20070821021008-d26fc-e08a23b4eb40f075de043687b57eb1223b0201b9.gz
show more ...
|
| ee1dcd2c | 21-Aug-2007 |
Chris Smith <chris@jalakai.co.uk> |
Fix $conf['compression'] setting values (was using 'bzip' instead of 'bz2'); FS#1185
darcs-hash:20070821120916-d26fc-75fbdf68d2a31222b892106229ee84c12c504630.gz |
| 1ba60149 | 21-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
french update
darcs-hash:20070821173805-7ad00-49900167ab4babede6acebb595faf005b28ce18e.gz |
| e05d5c76 | 20-Aug-2007 |
Michael Klier <chi@chimeric.de> |
typo fix in action plugin prototype class
darcs-hash:20070820175842-23886-3af1d5a1585545b6a84cc8df526f8fe53be537d7.gz |
| 81c54349 | 19-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
fix for magic quote fixing inside array keys
darcs-hash:20070819211952-7ad00-a1a321178ef3c5a85b2e422a01eda8066eb10588.gz |
| 1a9ae8e5 | 19-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
quote fix in auth_nameencode
darcs-hash:20070819211829-7ad00-7f2dbd3d7ad6b4568b8f34209fbcffda6e110f4c.gz |
| f6547e5d | 18-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
typo fix FS#1229
darcs-hash:20070818222239-7ad00-d427f89d0cd9cdc88cf99538209e50e1b001ea9c.gz |
| aad41e93 | 18-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
esperanto update
darcs-hash:20070818222029-7ad00-490d6e1e53a9753c4951ee8a9a9882d3cbdcfdb0.gz |
| bf39fc71 | 16-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
finish language update
darcs-hash:20070816182508-7ad00-a6107d7ae873a1473444c8fcfc02cf59172b0d8b.gz |
| d157eab3 | 13-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
greek language update
darcs-hash:20070813220053-7ad00-db53d44215d74c091c10e0423b8152dec302127a.gz |
| 11df47ec | 13-Aug-2007 |
Michael Klier <chi@chimeric.de> |
added nothing found message to backlinks output
darcs-hash:20070813160452-23886-c40e9f3bfe259d698500a6ef01f75894801b22c5.gz |
| 1b6f3a44 | 13-Aug-2007 |
Andreas Gohr <andi@splitbrain.org> |
span added to breadcrumbs label
darcs-hash:20070813190912-7ad00-b2677372876f395da890ba5a86050343bea249f2.gz |