en Copyright 2025 Java http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#aabc47827929d47511d90d51ce171a8fdd06f9ed (security) Add CSRF protection and use Form class in popularity pluginThe plugin is accessible to managers, not just admins, and had twoseparate issues.1. Missing CSRF token (low severity) The handler accepted the posted data and toggled autosubmit without checking a security token. A cross-site forged POST against a logged-in manager could enable autosubmit and trigger a submission of the wiki's data to the popularity server.2. Reflected XSS (low severity) When a submission failed, the posted data was reflected back into a readonly textarea without escaping. A value closing the textarea early (eg. </textarea><script>...) could inject script into the manager's browser. To exploit this, not only a CSRF attack against an authenticated manager was needed, also the connection to the DokuWiki popularity server needed to fail.The popularity plugin now verifies the security token before it sendsdata or toggles the autosubmit option.The form is now built via the the Form API so the textarea value isescaped automatically. The security token is emitted automatically.The fallback browser-submission form posts to an external server and isbuilt without the security token. List of files: /dokuwiki/lib/plugins/popularity/admin.php Sat, 06 Jun 2026 15:53:06 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#d4f83172d9533c4d84f450fe22ef630816b21d75 code style: line breaks List of files: /dokuwiki/lib/plugins/popularity/admin.php Thu, 31 Aug 2023 20:44:40 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#90fb952c4c30c09c8446076ba05991c89a3f0b01 code style: operator spacing List of files: /dokuwiki/lib/plugins/popularity/admin.php Thu, 31 Aug 2023 20:38:07 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#8553d24d33ab5f260c6e19959de764dd8472d438 Apply rector renames List of files: /dokuwiki/lib/plugins/popularity/admin.php Wed, 30 Aug 2023 13:44:19 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#54cc7aa41e0f453bd6887b0e79242a139d84a47a Apply rector fixes to the rest of lib/plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Wed, 30 Aug 2023 09:45:19 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#29fc53cff0d7cb2855f0786f6337d882aa13d1d6 PSR-2 for popularity plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Tue, 08 May 2018 17:50:06 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#3dc2d50c5fda9c4bf708ff4c26e266ba239af62c visibility declarations in plugins List of files: /dokuwiki/lib/plugins/popularity/admin.php Fri, 27 Apr 2018 18:55:43 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#b4f2363aa1360136c8a826f09aaebc6505211c73 remove DOKU_INC checksThere is no need for this check, since these files should not have anymain code that is executed on direct call.Fixes PSR1.Files.SideEffects.FoundWithSymbols List of files: /dokuwiki/lib/plugins/popularity/admin.php Fri, 27 Apr 2018 12:32:42 +0000 Andreas Gohr <andi@splitbrain.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#ae614416a5d7f5cab6c5b82a0c45f587d7fa9c01 changed all input type=submit buttons to button type=submit button for better stylability List of files: /dokuwiki/lib/plugins/popularity/admin.php Sun, 12 Jul 2015 18:05:43 +0000 Anika Henke <anika@selfthinker.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#26e22ab837dcabe137a0912fcd2f96d0c35f48c8 Changes for PHP 7 Compatibility- replace PHP4 style class constructor function names (based on class name) with php 5 __construct()Also remove some '&' reference operators used with objectsAnd add some object type hints List of files: /dokuwiki/lib/plugins/popularity/admin.php Fri, 15 May 2015 17:03:34 +0000 Christopher Smith <chris@jalakai.co.uk> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#79e79377626799a77c11aa7849cb9c64305590c8 Remove error supression for file_exists()In an older version of PHP a file_exists() call would issue a warningwhen the file did not exist. This was fixed in later PHP releases. Sincewe require PHP 5.3 now, there's no need to supress any error hereanymore. This might even give a minor performance boost. List of files: /dokuwiki/lib/plugins/popularity/admin.php Wed, 07 Jan 2015 09:47:45 +0000 Andreas Gohr <gohr@cosmocode.de> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#f119fb202b56acf8966f17b1ae4525c678b34865 get version popularity plugin direct from plugin info List of files: /dokuwiki/lib/plugins/popularity/admin.php Mon, 14 Oct 2013 14:32:35 +0000 Gerrit Uitslag <klapinklapin@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#a1f2b5a3ca0af3e89bd77a5c68fd24b02416e60a Fixed gathering of version of popularity plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Thu, 19 Sep 2013 20:57:17 +0000 Gerrit Uitslag <klapinklapin@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#38479cbba628ee76a92ff5f3c974cfa8e6ce9e61 some coding style improvements - removed some dead/unused code - fixed phpdoc - added typing on methods List of files: /dokuwiki/lib/plugins/popularity/admin.php Thu, 29 Nov 2012 15:06:43 +0000 Dominik Eckelmann <deckelmann@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#f21e024ada9202d47fcdc85730a44af5ea259d1c Replacing $_REQUEST variables with $INPUT wrapper, popularity plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Sat, 08 Sep 2012 13:05:39 +0000 Hakan Sandell <sandell.hakan@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#24d494984899eca69df2a5e50d941007500ba545 added some missing spaces (to popularity and revert plugins) List of files: /dokuwiki/lib/plugins/popularity/admin.php Sun, 05 Aug 2012 11:52:25 +0000 Anika Henke <anika@selfthinker.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#a375d5e545bb97aa9e91b688b966dc6a9ce0cfe8 Fix display in popularity plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Sat, 28 May 2011 05:53:50 +0000 Guillaume Turri <guillaume.turri@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#6cd259d7de1e82b753b5b7ce593637e58b36288b closed hidden input in popularity plugin List of files: /dokuwiki/lib/plugins/popularity/admin.php Sat, 16 Apr 2011 11:25:08 +0000 Anika Henke <anika@selfthinker.org> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#5827ba0b8aa706e4201a3dc654b3c2cf141f6dd2 Popularity plugin displays the last time the data was sent List of files: /dokuwiki/lib/plugins/popularity/admin.php Sat, 18 Dec 2010 09:27:49 +0000 Guillaume Turri <guillaume.turri@gmail.com> http://127.0.0.1:8080/history/dokuwiki/lib/plugins/popularity/admin.php#98be6429ce6efaa013146af9145aa572816adb89 Add support for autosubmitting popularity data FS#2025 List of files: /dokuwiki/lib/plugins/popularity/admin.php Thu, 09 Dec 2010 21:03:59 +0000 Guillaume Turri <guillaume.turri@gmail.com>