Searched hist:"7d2714c77fd8ba61fdbfa0765e160acc24014017" (Results 1 – 2 of 2) sorted by relevance
| /plugin/annotations/ |
| action.php | 7d2714c77fd8ba61fdbfa0765e160acc24014017 Sat May 23 04:48:12 UTC 2026 tracker-user <82045103+tracker-user@users.noreply.github.com> Expose current user, admin flag and CSRF token to the front-end
DokuWiki's JSINFO carries no user identity, so script.js could not tell who was logged in and could not gate the edit/delete/resolve UI. Inject user, isAdmin and the security token into JSINFO.annotations from action.php, and read them from there instead of the non-existent JSINFO.userinfo object and the #dw__token hidden field.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|
| script.js | 7d2714c77fd8ba61fdbfa0765e160acc24014017 Sat May 23 04:48:12 UTC 2026 tracker-user <82045103+tracker-user@users.noreply.github.com> Expose current user, admin flag and CSRF token to the front-end
DokuWiki's JSINFO carries no user identity, so script.js could not tell who was logged in and could not gate the edit/delete/resolve UI. Inject user, isAdmin and the security token into JSINFO.annotations from action.php, and read them from there instead of the non-existent JSINFO.userinfo object and the #dw__token hidden field.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
|