| e6699927 | 14-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
check CSRF token in draftdel action. fixes #3563 |
| b0265d20 | 14-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
ignore another PSR12 style check for now |
| 5f18fdf3 | 14-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
authplain: properly clean user names
The authplain module uses cleanID to clean usernames to make them valid pagenames. However namespaces should not be used in usernames.
For that cleanUser and cleanGroup replaced colons in given names. But depending on the wiki configuration useslash, semicolons and slashes may also be used as namespace separators. cleanID would replace those with colons, reintroducing colons into the names.
The problem was reported in a forum post where spammers tried to register http addresses as user names:
https://forum.dokuwiki.org/d/19796-spammers-with-in-their-name
Users with colons were correctly saved (the colon is escaped in the user file) but could probably not login (unless using a slash or semicolon instead of the colon). Since usernames are cleaned in many places in DokuWiki, such a logged in user was probably not recognized correctly.
Because of the proper colon escaping when saving the user file, I don't see any security issue arising from this. Eg. it was not possible to trip up the user loading mechanism.
Note: Previously created users containing colons can not be deleted via the user manager, because displayed usernames are cleaned again, which will remove the colons.
|
| a3095052 | 14-Dec-2021 |
Oscar Merida <oscar@oscarm.org> |
Removes use of deprecated create_function() in tests. Replaces them with anonymous functions. Refs #3545 |
| 6a25531d | 13-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
check security token on logout. fixes #3561 |
| 22b04d8d | 12-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
create SECURITY.md fixes #3558 |
| 54bcc3a6 | 12-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
check CSRF token in styling plugin. fixes #3560 |
| 96f679fa | 08-Dec-2021 |
Andreas Gohr <andi@splitbrain.org> |
check CSRF token enabling/disabling extensions. fixes #3559 |
| 5e23cdb8 | 29-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
Update common_saveWikiText.test.php
allow 2nd to last revision check for normal save |
| 97b27cd4 | 29-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
fix undefined variable |
| b7b9a99d | 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
update unittest checkChangeLogAfterNormalSave
add routine for "save on top of external edit" assertions |
| 69f9b481 | 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
add dbg_deprecated() |
| 7fba736b | 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
update metadata of changed page in PageFile class |
| 07869ee7 | 28-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
fix typo |
| b43eeadb | 27-Nov-2021 |
Andreas Gohr <andi@splitbrain.org> |
set default size for embedded SVGs
many templates fail to set proper sizes for admin icons etc. This will prevent SVGs from blowing up by default - of course templates should still overwrite this default.
|
| 8fb3ff96 | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
saveWikiText() unittest 5
5.1 create a page 5.2 external edit 5.3 edit and save 5.4 delete 5.5 create a page, second time 5.6 externally delete 5.7 create a page, third time |
| e21f9472 | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
saveWikiText() unittest 3.3
second to last revision check after repeated external edit |
| 92fda7f4 | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
saveWikiText() unittest 4
4.1 externally create a page 4.2 edit and save 4.3 externally edit (file older than last rev) |
| 3b813d43 | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
PHP8: check array key existence |
| 36454bb5 | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
remove page key from event data prior to return
$data['page'] is object $this, it is not possible to access the object after destructed. |
| 666bc21d | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
fix Undefined variable $id |
| b24e9c4a | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
implement PageFile class
PageFile class handles wiki text file and its change management for specific page, main part comes from `function saveWikiText()`. This ensures and enables to use one **PageChangeLog** instance during a page save process among class methods and relevant plugins.
|
| bbb28b9c | 27-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
remove goto-loop structure
plugin event handler should set correct changeType. |
| 3c425c43 | 24-Nov-2021 |
Satoshi Sahara <sahara.satoshi@gmail.com> |
group assertions for saveWikiText() |
| b9a4556d | 24-Nov-2021 |
Andreas Gohr <andi@splitbrain.org> |
avoid doubling line in logviewer. fixes #3554 |