| /dokuwiki/_test/tests/inc/ |
| H A D | auth_mediaaclpath.test.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| /dokuwiki/inc/Remote/Response/ |
| H A D | Media.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| /dokuwiki/inc/Remote/ |
| H A D | LegacyApiCore.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| H A D | ApiCore.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| /dokuwiki/inc/File/ |
| H A D | MediaFile.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| /dokuwiki/inc/ |
| H A D | fetch.functions.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| H A D | changelog.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| H A D | search.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| H A D | media.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| H A D | auth.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|
| /dokuwiki/lib/exe/ |
| H A D | detail.php | 7e687fd85a40bd8453b39b64bae8e989ab32fd36 Fri May 29 09:17:21 UTC 2026 Andreas Gohr <andi@splitbrain.org> fix(auth): scope media ACL checks to the namespace
Media files have no per-file ACLs; permissions must be evaluated against
the namespace they live in. Several call sites passed the raw media ID
to auth_quickaclcheck(), so a page-intended exact-ID rule (e.g. on
wiki:secret.png) could silently apply to a media file sharing that ID.
Introduce mediaAclPath() that builds the correct namespace wildcard
path (handling root-namespace media) and route all media-related ACL
checks through it. Also normalize the lone `:X` sentinel variant in
fetch.functions.php to the standard `:*` form.
fixes: #4647
|