Show full reply tree in orphan drawer

buildThreadEntry alone was called per orphan, so only the root
message appeared in the drawer. Now each orphaned thread renders
with its complete reply tree (re

Show full reply tree in orphan drawer

buildThreadEntry alone was called per orphan, so only the root
message appeared in the drawer. Now each orphaned thread renders
with its complete reply tree (read-only: no Reply/Edit/Delete
buttons on replies). A .ann-orphan-thread wrapper groups each
thread visually, mirroring the inline panel styling.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

show more ...

Add admin overview of annotated pages with clear-orphaned actions

Adds admin.php (Admin -> Annotations): a wiki-wide table of annotated pages
with Normal/Orphaned counts, per-column filter, sortable

Add admin overview of annotated pages with clear-orphaned actions

Adds admin.php (Admin -> Annotations): a wiki-wide table of annotated pages
with Normal/Orphaned counts, per-column filter, sortable headers, numbered
pager (entries_per_page config), and per-page and wiki-wide clear-orphaned
POST actions guarded by checkSecurityToken and auth_isadmin.

Refactors the orphan rule into helper::quoteMissing() shared by
findOrphaned() and the new pageCounts(); adds getAnnotatedPages() /
searchAnnotations() / clearOrphanedAll() to the helper. Extends HelperTest
with four new coverage cases. All four locales (en, de, ru, ja) carry the
new admin strings.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

show more ...

Use normal font style for quotes instead of italic

Fix stored XSS in JSINFO embed and self-deadlocking write lock

Two serious bugs found during review, plus three minor fixes:

- Stored XSS: the inline-embedded annotation payload was encoded with

Fix stored XSS in JSINFO embed and self-deadlocking write lock

Two serious bugs found during review, plus three minor fixes:

- Stored XSS: the inline-embedded annotation payload was encoded with
JSON_UNESCAPED_SLASHES and appended into the page's inline <script>. A
body containing "</script>" closed the script element and injected
arbitrary HTML, executing in every viewer's browser. Anyone who can
annotate (AUTH_READ + login) could exploit it. Add JSON_HEX_TAG so < and
> are escaped, neutralising every tag-based breakout.

- Write lock: mutate() held io_lock($file) and then called
io_saveFile($file), which takes io_lock($file) again internally. The
inner lock collided with the outer, busy-waiting ~3s for the stale-lock
timeout on every create/edit/delete/resolve/clear and defeating mutual
exclusion. Lock on a sentinel key ($file.lock) instead, leaving
io_saveFile's own lock uncontended (matches DokuWiki TaskRunner idiom).

- style.css: the :root colour fallbacks were self-referential
(var(--x) of themselves), i.e. cyclic and invalid, not a fallback.
Replace with the literal config-default triplets.

- action.php: drop hsc() from a JSON error string (wrong context).

- script.js: refresh the open orphan drawer after a thread mutation so an
edited body shows there too.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

show more ...

Add config, selection guards, annotation overlap detection, and glow button

- Config: color_open / color_resolved (hex, drives CSS vars); embed_max_bytes,
context_length, body_cap move from consta

Add config, selection guards, annotation overlap detection, and glow button

- Config: color_open / color_resolved (hex, drives CSS vars); embed_max_bytes,
context_length, body_cap move from constants to conf/default + metadata.
action.php injects --ann-open-rgb / --ann-resolved-rgb as CSS custom props;
style.css escapes every rgba(var(…)) with LESS ~"…" so lesserphp doesn't
bake them to #000000 at compile time.
- Selection guards: Annotate button suppressed inside .ann-* UI, #dw__toc,
.docInfo, .secedit; the old endpoint-only isInsideHighlight is replaced by
selectionHitsHighlight (range.intersectsNode over all highlight spans) so a
selection overrunning an existing annotation on either side opens it instead
of offering a new overlapping one.
- Glow: static amber box-shadow on .ann-tooltip .ann-btn (no animation).
- Removed email line from plugin.info.txt; updated GeneralTest accordingly.
- context_length fed to JS via JSINFO.annotations.contextLen so capture and
PHP trimming stay in sync.
- conf/ + lang/*/settings.php + README/DESIGN updated.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

show more ...

Rework annotation UI: threaded replies, polish, and fixes

Builds the threaded-reply UI on the new parentId backend and tidies up
the front-end overlay.

Threaded replies:
- Render replies as an inde

Rework annotation UI: threaded replies, polish, and fixes

Builds the threaded-reply UI on the new parentId backend and tidies up
the front-end overlay.

Threaded replies:
- Render replies as an indented tree (buildReplyTree / appendReplyTree)
with an inline "reply to this reply" form on each entry.

Fixes:
- Keep gutter markers aligned with their highlights. A marker lives in
document.body at absolute coordinates, so opening or closing a panel, or
resizing the window, used to leave it stranded away from its text;
repositionMarkers() now re-aligns them on those events.
- Stop stealing focus when a panel is re-opened after an action (resolve,
edit, delete), which previously jumped the viewport down to the reply box.
- Preserve panel position after replies and edits by merging the client
render state (_highlightEl, _markerEl, _range) onto server responses.

Polish:
- Show a busy spinner on buttons while an AJAX request is in flight.
- Layout: position the counter bar and orphan drawer correctly around the
floated TOC; fix highlight hover colours and the marker column position.

Cleanup / dedup:
- Fold the four near-identical thread mutation handlers (reply, edit,
edit-reply, delete-reply) into one submitThreadAction() helper.
- De-duplicate wrapHighlight()'s two branches and make its title null-safe.
- Remove the unused refreshAnnotation() left over from before the server
returned the full annotation.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

show more ...

Fix JSINFO injection timing and gutter marker positioning

handleMetaHeader() wrote the annotation payload to $JSINFO, but
tpl_metaheaders() has already serialised JSINFO into the inline <script>
by

Fix JSINFO injection timing and gutter marker positioning

handleMetaHeader() wrote the annotation payload to $JSINFO, but
tpl_metaheaders() has already serialised JSINFO into the inline <script>
by the time TPL_METAHEADER_OUTPUT fires, so the data never reached the
page. Append a `JSINFO.annotations = {...}` statement to that inline
block instead, and only inject it on show / export_xhtml views.

Anchor the gutter markers to .page (the article column) rather than
#dokuwiki__content: the latter's position:relative extended over the
sidebar and swallowed its navigation clicks.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

show more ...

Initial annotations plugin

Word- and sentence-level annotations for DokuWiki pages: text-quote
anchoring, threaded replies, open/resolved status, gutter markers,
client- and server-side orphan detec

Initial annotations plugin

Word- and sentence-level annotations for DokuWiki pages: text-quote
anchoring, threaded replies, open/resolved status, gutter markers,
client- and server-side orphan detection, a per-user on/off toggle, and
admin per-page bulk-clear. Annotations are stored out-of-band in a
per-page JSON file, so the wiki changelog is never touched.

Built with Claude Opus 4.7 and Sonnet 4.6.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

show more ...