en Copyright 2025 Java http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#e4b0c5a094bccfa42244b569e89fc3e5d07eedb3 strict value comparison in auth session check. fixes #4602 List of files: /dokuwiki/inc/auth.php Sun, 22 Mar 2026 18:11:50 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#093fe67e98c0cdb4b73fd46938e49b64971483c2 updated rector and applied it List of files: /dokuwiki/inc/auth.php Sat, 07 Mar 2026 20:26:13 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#42042e3eaeaec2b7061680f97789b1d293cc7591 Merge pull request #4591 from eduardomozart/patch-11fix: Update session validation checks in auth.php List of files: /dokuwiki/inc/auth.php Sat, 07 Mar 2026 12:11:11 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#9d1b64723676aa055991830d88f232fec75d8798 Update session validation checks in auth.phpRefactor session validation to check for user and pass existence. List of files: /dokuwiki/inc/auth.php Fri, 06 Mar 2026 12:39:07 +0000 Eduardo Mozart de Oliveira <2974895+eduardomozart@users.noreply.github.com> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#9cdd189d9aad1d3be0376522f25dedab2b627baa make JWT available in sessionWhen a token authentication was successful, the token is now added tothe user session. This allows other plugins (like twofactor) make use ofit. List of files: /dokuwiki/inc/auth.php Wed, 25 Feb 2026 09:34:14 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#9399c87e10527bd9270ac34f45432bcff3a2b473 �� Rector and PHPCS fixes List of files: /dokuwiki/inc/auth.php Wed, 03 Dec 2025 09:04:24 +0000 splitbrain <86426+splitbrain@users.noreply.github.com> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#bc6b17592ae16a7462ffd2cfbbfa0f9d2b8ff6ef correctly check for session auth data. fixes #4547 List of files: /dokuwiki/inc/auth.php Wed, 29 Oct 2025 18:46:32 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#4ca97743e1b5c620a79c9098fe6e080192cbfc1c Merge pull request #4466 from dokuwiki/trustedproxiesRemove remaining uses of old proxy settings List of files: /dokuwiki/inc/auth.php Tue, 12 Aug 2025 07:43:48 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#f7f6f5fc567ba989fd9d4ec98fbe69e074010077 �� Rector and PHPCS fixes List of files: /dokuwiki/inc/auth.php Sat, 02 Aug 2025 14:07:58 +0000 splitbrain <86426+splitbrain@users.noreply.github.com> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#e37d2b418f454167d95eb82ad44cb8d6c1277f9b add random delay on login #4491This is meant to mitigate timing attacks on the login mechanism. List of files: /dokuwiki/inc/auth.php Wed, 30 Jul 2025 07:08:29 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#33cb4e0125bb3ea66842b52c5d02739268775800 Make is_ssl and baseurl use proper proxy checksThis should not only address #4455 but also ensures that the relatedheaders are only used when they come from a trusted reverse proxy chain. List of files: /dokuwiki/inc/auth.php Tue, 03 Jun 2025 12:22:14 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#0a302752e755cf33d4d0dea11f5f447a87ec2996 treat getallheaders more suspiciously. fixes #4415 List of files: /dokuwiki/inc/auth.php Wed, 12 Mar 2025 11:40:31 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#b21b7935c54bce6b6a1c8ab8c8fa74218871b916 mv UNUSABLE_PASSWORD const to defines List of files: /dokuwiki/inc/auth.php Tue, 07 Jan 2025 14:33:44 +0000 Tobias Bengfort <tobias.bengfort@posteo.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#0ffe9fda98b8e7088190efc9dc669b6722ede464 add new behavior to doc block List of files: /dokuwiki/inc/auth.php Tue, 07 Jan 2025 14:31:08 +0000 Tobias Bengfort <tobias.bengfort@posteo.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#527ad715b3b74fada32ec52d7db096c5f65d57e5 allow to set unusable passwordThis could be used by plugins such as dokuwiki-plugin-oauth to createaccounts that can only by accessed via SSO. List of files: /dokuwiki/inc/auth.php Tue, 07 Jan 2025 11:16:10 +0000 Tobias Bengfort <tobias.bengfort@posteo.de> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#8407f251434f578d07231a3f252ce6276d9e0b05 �� Rector and PHPCS fixes List of files: /dokuwiki/inc/auth.php Mon, 02 Dec 2024 13:22:00 +0000 splitbrain <86426+splitbrain@users.noreply.github.com> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#b9cda918faccf704038ebb05823e6e2e9afc5507 unset empty REMOTE_USER. fixes #4348An empty remote user should not be set at all. Seems like somewebservers always set the environment var, even if no authenticationhappened. I'd argue that this is wrong, but this should fix thebehaviour. List of files: /dokuwiki/inc/auth.php Wed, 27 Nov 2024 09:22:36 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#7ffd5bd274abfe72d9284c134c58dfa6ee0fdc80 alternative token header supportThe Authorization header is not always passed on to PHP, depending onthe setup (See https://stackoverflow.com/q/34472303 for examples andworkarounds).This patch adds support for an alternative X-DokuWiki-Token header thatcan be used when using token authentication and the standardAuthorization header can not be used. List of files: /dokuwiki/inc/auth.php Thu, 01 Aug 2024 15:23:34 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#1cedacf229f1294fea53b494765c47559d8a3e86 gracefully handle decryption errorsThis should fix #4198 List of files: /dokuwiki/inc/auth.php Fri, 09 Feb 2024 17:38:24 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/inc/auth.php#47e9ed0e2d343595676413cbfa338900fd049abc adjust AES encryption to match phpseclib version2See https://github.com/phpseclib/phpseclib/discussions/1974#discussioncomment-8107663 List of files: /dokuwiki/inc/auth.php Fri, 12 Jan 2024 18:03:25 +0000 Andreas Gohr <andi@splitbrain.org>