From 51de8ca123f3789b5a6a98852fd9a8c4b938873b Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 14:47:52 +0000 Subject: add comments for recent settings class additions to extra.class.php --- lib/plugins/config/settings/config.metadata.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 22e76a013..4731ffc16 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -42,6 +42,8 @@ * 'im_convert' - as 'setting', input must exist and be an im_convert module * 'disableactions' - as 'setting' * 'compression' - no additional parameters. checks php installation supports possible compression alternatives + * 'licence' - as multichoice, selection constructed from licence strings in language files + * 'renderer' - as multichoice, selection constructed from enabled renderer plugins which canRender() * * Any setting commented or missing will use 'setting' class - text input, minimal validation, quoted output * -- cgit v1.2.3 From c89ab3e93dc9b6fadb29518a47e4b32a49666729 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 14:49:42 +0000 Subject: remove php_strip_whitespace() alternate, no longer required as php min req't ensures its always present --- lib/plugins/config/settings/config.class.php | 94 ---------------------------- 1 file changed, 94 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index e5e09d8f8..427178c40 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -1083,97 +1083,3 @@ if (!class_exists('setting_multicheckbox')) { } } } - -/** - * Provide php_strip_whitespace (php5 function) functionality - * - * @author Chris Smith - */ -if (!function_exists('php_strip_whitespace')) { - - if (function_exists('token_get_all')) { - - if (!defined('T_ML_COMMENT')) { - define('T_ML_COMMENT', T_COMMENT); - } else { - define('T_DOC_COMMENT', T_ML_COMMENT); - } - - /** - * modified from original - * source Google Groups, php.general, by David Otton - */ - function php_strip_whitespace($file) { - if (!@is_readable($file)) return ''; - - $in = join('',@file($file)); - $out = ''; - - $tokens = token_get_all($in); - - foreach ($tokens as $token) { - if (is_string ($token)) { - $out .= $token; - } else { - list ($id, $text) = $token; - switch ($id) { - case T_COMMENT : // fall thru - case T_ML_COMMENT : // fall thru - case T_DOC_COMMENT : // fall thru - case T_WHITESPACE : - break; - default : $out .= $text; break; - } - } - } - return ($out); - } - - } else { - - function is_whitespace($c) { return (strpos("\t\n\r ",$c) !== false); } - function is_quote($c) { return (strpos("\"'",$c) !== false); } - function is_escaped($s,$i) { - $idx = $i-1; - while(($idx>=0) && ($s{$idx} == '\\')) $idx--; - return (($i - $idx + 1) % 2); - } - - function is_commentopen($str, $i) { - if ($str{$i} == '#') return "\n"; - if ($str{$i} == '/') { - if ($str{$i+1} == '/') return "\n"; - if ($str{$i+1} == '*') return "*/"; - } - - return false; - } - - function php_strip_whitespace($file) { - - if (!@is_readable($file)) return ''; - - $contents = join('',@file($file)); - $out = ''; - - $state = 0; - for ($i=0; $i Date: Mon, 18 Feb 2013 15:14:51 +0000 Subject: remove no longer used email pattern, validation is done by mail_* functions --- lib/plugins/config/settings/config.class.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index 427178c40..ec5f73fa5 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -659,10 +659,8 @@ if (!class_exists('setting_password')) { } if (!class_exists('setting_email')) { - if (!defined('SETTING_EMAIL_PATTERN')) define('SETTING_EMAIL_PATTERN','<^'.PREG_PATTERN_VALID_EMAIL.'$>'); class setting_email extends setting_string { - var $_pattern = SETTING_EMAIL_PATTERN; // no longer required, retained for backward compatibility - FIXME, may not be necessary var $_multiple = false; var $_placeholders = false; -- cgit v1.2.3 From d110fb0d68e5a037b6db151d7bfd4881c48ccdec Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 15:51:06 +0000 Subject: FS#2722 add settings_regex class, use it for hidepages --- lib/plugins/config/settings/config.class.php | 37 +++++++++++++++++++++++++ lib/plugins/config/settings/config.metadata.php | 8 +++++- 2 files changed, 44 insertions(+), 1 deletion(-) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index ec5f73fa5..bbb25b695 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -1081,3 +1081,40 @@ if (!class_exists('setting_multicheckbox')) { } } } + +if (!class_exists('setting_regex')){ + class setting_regex extends setting_string { + + var $_delimiter = '/'; // regex delimiter to be used in testing input + var $_pregflags = 'ui'; // regex pattern modifiers to be used in testing input + + /** + * update changed setting with user provided value $input + * - if changed value fails error check, save it to $this->_input (to allow echoing later) + * - if changed value passes error check, set $this->_local to the new value + * + * @param mixed $input the new value + * @return boolean true if changed, false otherwise (incl. on error) + */ + function update($input) { + + // let parent do basic checks, value, not changed, etc. + $local = $this->_local; + if (!parent::update($input)) return false; + $this->_local = $local; + + // see if the regex compiles and runs (we don't check for effectiveness) + $regex = $this->_delimiter . $input . $this->_delimiter . $this->_pregflags; + $lastError = error_get_last(); + $ok = @preg_match($regex,'testdata'); + if (preg_last_error() != PREG_NO_ERROR || error_get_last() != $lastError) { + $this->_input = $input; + $this->_error = true; + return false; + } + + $this->_local = $input; + return true; + } + } +} \ No newline at end of file diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 4731ffc16..5aedaa6f1 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -33,6 +33,9 @@ * 'array' - a simple (one dimensional) array of string values, shown as comma separated list in the * config manager but saved as PHP array(). Values may not contain commas themselves. * _pattern matching on the array values supported. + * 'regex' - regular expression string, normally without delimiters; as for string, in addition tested + * to see if will compile & run as a regex. in addition to _pattern, also accepts _delimiter + * (default '/') and _pregflags (default 'ui') * * Single Setting (source: settings/extra.class.php) * ------------------------------------------------- @@ -60,6 +63,9 @@ * '_code' - encoding method to use, accepted values: 'base64','uuencode','plain'. defaults to plain. * '_min' - minimum numeric value, optional for 'numeric' and 'numericopt', ignored by others * '_max' - maximum numeric value, optional for 'numeric' and 'numericopt', ignored by others + * '_delimiter' - string, default '/', a single character used as a delimiter for testing regex input values + * '_pregflags' - string, default 'ui', valid preg pattern modifiers used when testing regex input values, for more + * information see http://uk1.php.net/manual/en/reference.pcre.pattern.modifiers.php * * @author Chris Smith */ @@ -115,7 +121,7 @@ $meta['camelcase'] = array('onoff'); $meta['deaccent'] = array('multichoice','_choices' => array(0,1,2)); $meta['useheading'] = array('multichoice','_choices' => array(0,'navigation','content',1)); $meta['sneaky_index'] = array('onoff'); -$meta['hidepages'] = array('string'); +$meta['hidepages'] = array('regex'); $meta['_authentication'] = array('fieldset'); $meta['useacl'] = array('onoff'); -- cgit v1.2.3 From d433710d8084d65218569a93034cec1e28bbeb43 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 17:32:13 +0000 Subject: fix security caution for 'remote' setting (was 'xmlrpc') --- lib/plugins/config/settings/config.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index bbb25b695..f7ab6606b 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -370,7 +370,7 @@ if (!class_exists('setting')) { var $_cautionList = array( 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'xmlrpc' => 'security', 'fullpath' => 'security' + 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security' ); function setting($key, $params=null) { -- cgit v1.2.3 From 9dc3b8ab758eb9236e8f1933309f2bc539cf3f5e Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 18 Feb 2013 17:51:45 +0000 Subject: replace preset _cautionList property with _caution config metadata parameter, plugins can now easily set cautions on their settings --- lib/plugins/config/settings/config.class.php | 27 +++++++++++---- lib/plugins/config/settings/config.metadata.php | 45 +++++++++++++------------ 2 files changed, 43 insertions(+), 29 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/config/settings/config.class.php b/lib/plugins/config/settings/config.class.php index f7ab6606b..1c7d8f680 100644 --- a/lib/plugins/config/settings/config.class.php +++ b/lib/plugins/config/settings/config.class.php @@ -366,12 +366,11 @@ if (!class_exists('setting')) { var $_pattern = ''; var $_error = false; // only used by those classes which error check var $_input = null; // only used by those classes which error check + var $_caution = null; // used by any setting to provide an alert along with the setting + // valid alerts, 'warning', 'danger', 'security' + // images matching the alerts are in the plugin's images directory - var $_cautionList = array( - 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger', - 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning', - 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security' - ); + static protected $_validCautions = array('warning','danger','security'); function setting($key, $params=null) { $this->_key = $key; @@ -473,8 +472,22 @@ if (!class_exists('setting')) { function error() { return $this->_error; } function caution() { - if (!array_key_exists($this->_key, $this->_cautionList)) return false; - return $this->_cautionList[$this->_key]; + if (!empty($this->_caution)) { + if (!in_array($this->_caution, setting::$_validCautions)) { + trigger_error('Invalid caution string ('.$this->_caution.') in metadata for setting "'.$this->_key.'"', E_USER_WARNING); + return false; + } + return $this->_caution; + } + // compatibility with previous cautionList + // TODO: check if any plugins use; remove + if (!empty($this->_cautionList[$this->_key])) { + $this->_caution = $this->_cautionList[$this->_key]; + unset($this->_cautionList); + + return $this->caution(); + } + return false; } function _out_key($pretty=false,$url=false) { diff --git a/lib/plugins/config/settings/config.metadata.php b/lib/plugins/config/settings/config.metadata.php index 5aedaa6f1..08003a3e4 100644 --- a/lib/plugins/config/settings/config.metadata.php +++ b/lib/plugins/config/settings/config.metadata.php @@ -51,6 +51,7 @@ * Any setting commented or missing will use 'setting' class - text input, minimal validation, quoted output * * Defined parameters: + * '_caution' - no value (default) or 'warning', 'danger', 'security'. display an alert along with the setting * '_pattern' - string, a preg pattern. input is tested against this pattern before being accepted * optional all classes, except onoff & multichoice which ignore it * '_choices' - array of choices. used to populate a selection box. choice will be replaced by a localised @@ -89,26 +90,26 @@ $config['heading'] = 'Dokuwiki\'s Main Configuration File - Local Settings'; $meta['_basic'] = array('fieldset'); $meta['title'] = array('string'); -$meta['start'] = array('string','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces +$meta['start'] = array('string','_caution' => 'warning','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces $meta['lang'] = array('dirchoice','_dir' => DOKU_INC.'inc/lang/'); $meta['template'] = array('dirchoice','_dir' => DOKU_INC.'lib/tpl/','_pattern' => '/^[\w-]+$/'); $meta['tagline'] = array('string'); $meta['sidebar'] = array('string'); $meta['license'] = array('license'); -$meta['savedir'] = array('savedir'); -$meta['basedir'] = array('string'); -$meta['baseurl'] = array('string'); -$meta['cookiedir'] = array('string'); +$meta['savedir'] = array('savedir','_caution' => 'danger'); +$meta['basedir'] = array('string','_caution' => 'danger'); +$meta['baseurl'] = array('string','_caution' => 'danger'); +$meta['cookiedir'] = array('string','_caution' => 'danger'); $meta['dmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation $meta['fmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation -$meta['allowdebug'] = array('onoff'); +$meta['allowdebug'] = array('onoff','_caution' => 'security'); $meta['_display'] = array('fieldset'); $meta['recent'] = array('numeric'); $meta['recent_days'] = array('numeric'); $meta['breadcrumbs'] = array('numeric','_min' => 0); $meta['youarehere'] = array('onoff'); -$meta['fullpath'] = array('onoff'); +$meta['fullpath'] = array('onoff','_caution' => 'security'); $meta['typography'] = array('multichoice','_choices' => array(0,1,2)); $meta['dformat'] = array('string'); $meta['signature'] = array('string'); @@ -117,19 +118,19 @@ $meta['toptoclevel'] = array('multichoice','_choices' => array(1,2,3,4,5)); // $meta['tocminheads'] = array('multichoice','_choices' => array(0,1,2,3,4,5,10,15,20)); $meta['maxtoclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5)); $meta['maxseclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5)); // 0 for no sec edit buttons -$meta['camelcase'] = array('onoff'); -$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2)); +$meta['camelcase'] = array('onoff','_caution' => 'warning'); +$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'warning'); $meta['useheading'] = array('multichoice','_choices' => array(0,'navigation','content',1)); $meta['sneaky_index'] = array('onoff'); $meta['hidepages'] = array('regex'); $meta['_authentication'] = array('fieldset'); -$meta['useacl'] = array('onoff'); +$meta['useacl'] = array('onoff','_caution' => 'danger'); $meta['autopasswd'] = array('onoff'); -$meta['authtype'] = array('authtype'); +$meta['authtype'] = array('authtype','_caution' => 'danger'); $meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','mediawiki','bcrypt','djangomd5','djangosha1','sha512')); $meta['defaultgroup']= array('string'); -$meta['superuser'] = array('string'); +$meta['superuser'] = array('string','_caution' => 'danger'); $meta['manager'] = array('string'); $meta['profileconfirm'] = array('onoff'); $meta['rememberme'] = array('onoff'); @@ -138,7 +139,7 @@ $meta['disableactions'] = array('disableactions', '_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw'))); $meta['auth_security_timeout'] = array('numeric'); $meta['securecookie'] = array('onoff'); -$meta['remote'] = array('onoff'); +$meta['remote'] = array('onoff','_caution' => 'security'); $meta['remoteuser'] = array('string'); $meta['_anti_spam'] = array('fieldset'); @@ -146,12 +147,12 @@ $meta['usewordblock']= array('onoff'); $meta['relnofollow'] = array('onoff'); $meta['indexdelay'] = array('numeric'); $meta['mailguard'] = array('multichoice','_choices' => array('visible','hex','none')); -$meta['iexssprotect']= array('onoff'); +$meta['iexssprotect']= array('onoff','_caution' => 'security'); $meta['_editing'] = array('fieldset'); $meta['usedraft'] = array('onoff'); -$meta['htmlok'] = array('onoff'); -$meta['phpok'] = array('onoff'); +$meta['htmlok'] = array('onoff','_caution' => 'security'); +$meta['phpok'] = array('onoff','_caution' => 'security'); $meta['locktime'] = array('numeric'); $meta['cachetime'] = array('numeric'); @@ -191,20 +192,20 @@ $meta['rss_show_summary'] = array('onoff'); $meta['_advanced'] = array('fieldset'); $meta['updatecheck'] = array('onoff'); -$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2)); +$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'danger'); $meta['useslash'] = array('onoff'); -$meta['sepchar'] = array('sepchar'); +$meta['sepchar'] = array('sepchar','_caution' => 'warning'); $meta['canonical'] = array('onoff'); -$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8')); +$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8'),'_caution' => 'warning'); $meta['autoplural'] = array('onoff'); $meta['compress'] = array('onoff'); $meta['cssdatauri'] = array('numeric','_pattern' => '/^\d+$/'); $meta['gzip_output'] = array('onoff'); $meta['send404'] = array('onoff'); -$meta['compression'] = array('compression'); +$meta['compression'] = array('compression','_caution' => 'warning'); $meta['broken_iua'] = array('onoff'); -$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3)); -$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml')); +$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3),'_caution' => 'warning'); +$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml'),'_caution' => 'warning'); $meta['readdircache'] = array('numeric'); $meta['_network'] = array('fieldset'); -- cgit v1.2.3 From 9507770d8c13e47b975bf35fe25264448da3f28a Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Wed, 20 Feb 2013 20:26:05 +0100 Subject: Fix remaining missing $INPUT uses FS#2577 This adds $INPUT in all places where it was still missing and available. $INPUT is now also used in places where using $_REQUEST/... was okay in order to make the code consistent. --- lib/plugins/authad/auth.php | 5 +++-- lib/plugins/plugin/admin.php | 3 ++- lib/plugins/revert/admin.php | 13 +++++++------ lib/plugins/usermanager/admin.php | 25 +++++++++++++------------ 4 files changed, 25 insertions(+), 21 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/authad/auth.php b/lib/plugins/authad/auth.php index f651d87a1..6c49eafbb 100644 --- a/lib/plugins/authad/auth.php +++ b/lib/plugins/authad/auth.php @@ -71,6 +71,7 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { * Constructor */ public function __construct() { + global $INPUT; parent::__construct(); // we load the config early to modify it a bit here @@ -99,8 +100,8 @@ class auth_plugin_authad extends DokuWiki_Auth_Plugin { // we need to simulate a login if(empty($_COOKIE[DOKU_COOKIE])) { - $_REQUEST['u'] = $_SERVER['REMOTE_USER']; - $_REQUEST['p'] = 'sso_only'; + $INPUT->set('u', $_SERVER['REMOTE_USER']); + $INPUT->set('p', 'sso_only'); } } diff --git a/lib/plugins/plugin/admin.php b/lib/plugins/plugin/admin.php index 8b1ee3c7d..de4de6aef 100644 --- a/lib/plugins/plugin/admin.php +++ b/lib/plugins/plugin/admin.php @@ -61,11 +61,12 @@ class admin_plugin_plugin extends DokuWiki_Admin_Plugin { * handle user request */ function handle() { + global $INPUT; // enable direct access to language strings $this->setupLocale(); - $fn = $_REQUEST['fn']; + $fn = $INPUT->param('fn'); if (is_array($fn)) { $this->cmd = key($fn); $this->plugin = is_array($fn[$this->cmd]) ? key($fn[$this->cmd]) : null; diff --git a/lib/plugins/revert/admin.php b/lib/plugins/revert/admin.php index fcdaa230d..847e38876 100644 --- a/lib/plugins/revert/admin.php +++ b/lib/plugins/revert/admin.php @@ -44,15 +44,16 @@ class admin_plugin_revert extends DokuWiki_Admin_Plugin { * output appropriate html */ function html() { + global $INPUT; echo $this->plugin_locale_xhtml('intro'); $this->_searchform(); - if(is_array($_REQUEST['revert']) && checkSecurityToken()){ - $this->_revert($_REQUEST['revert'],$_REQUEST['filter']); - }elseif(isset($_REQUEST['filter'])){ - $this->_list($_REQUEST['filter']); + if(is_array($INPUT->param('revert')) && checkSecurityToken()){ + $this->_revert($INPUT->arr('revert'),$INPUT->str('filter')); + }elseif($INPUT->has('filter')){ + $this->_list($INPUT->str('filter')); } } @@ -60,10 +61,10 @@ class admin_plugin_revert extends DokuWiki_Admin_Plugin { * Display the form for searching spam pages */ function _searchform(){ - global $lang; + global $lang, $INPUT; echo '
'; echo ''; - echo ''; + echo ''; echo ' '; echo ' '.$this->getLang('note1').''; echo '


'; diff --git a/lib/plugins/usermanager/admin.php b/lib/plugins/usermanager/admin.php index cf8963e64..01f4a4cdb 100644 --- a/lib/plugins/usermanager/admin.php +++ b/lib/plugins/usermanager/admin.php @@ -73,11 +73,12 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { * handle user request */ function handle() { + global $INPUT; if (is_null($this->_auth)) return false; // extract the command and any specific parameters // submit button name is of the form - fn[cmd][param(s)] - $fn = $_REQUEST['fn']; + $fn = $INPUT->param('fn'); if (is_array($fn)) { $cmd = key($fn); @@ -88,8 +89,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { } if ($cmd != "search") { - if (!empty($_REQUEST['start'])) - $this->_start = $_REQUEST['start']; + $this->_start = $INPUT->int('start', 0); $this->_filter = $this->_retrieveFilter(); } @@ -345,6 +345,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { } function _addUser(){ + global $INPUT; if (!checkSecurityToken()) return false; if (!$this->_auth->canDo('addUser')) return false; @@ -353,7 +354,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { if ($this->_auth->canDo('modPass')){ if (empty($pass)){ - if(!empty($_REQUEST['usernotify'])){ + if($INPUT->has('usernotify')){ $pass = auth_pwgen(); } else { msg($this->lang['add_fail'], -1); @@ -393,7 +394,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { msg($this->lang['add_ok'], 1); - if (!empty($_REQUEST['usernotify']) && $pass) { + if ($INPUT->has('usernotify') && $pass) { $this->_notifyUser($user,$pass); } } else { @@ -407,13 +408,13 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { * Delete user */ function _deleteUser(){ - global $conf; + global $conf, $INPUT; if (!checkSecurityToken()) return false; if (!$this->_auth->canDo('delUser')) return false; - $selected = $_REQUEST['delete']; - if (!is_array($selected) || empty($selected)) return false; + $selected = $INPUT->arr('delete'); + if (empty($selected)) return false; $selected = array_keys($selected); if(in_array($_SERVER['REMOTE_USER'], $selected)) { @@ -463,13 +464,13 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { * Modify user (modified user data has been recieved) */ function _modifyUser(){ - global $conf; + global $conf, $INPUT; if (!checkSecurityToken()) return false; if (!$this->_auth->canDo('UserMod')) return false; // get currently valid user data - $olduser = cleanID(preg_replace('/.*:/','',$_REQUEST['userid_old'])); + $olduser = cleanID(preg_replace('/.*:/','',$INPUT->str('userid_old'))); $oldinfo = $this->_auth->getUserData($olduser); // get new user data subject to change @@ -494,7 +495,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { } // generate password if left empty and notification is on - if(!empty($_REQUEST['usernotify']) && empty($newpass)){ + if($INPUT->has('usernotify') && empty($newpass)){ $newpass = auth_pwgen(); } @@ -510,7 +511,7 @@ class admin_plugin_usermanager extends DokuWiki_Admin_Plugin { if ($ok = $this->_auth->triggerUserMod('modify', array($olduser, $changes))) { msg($this->lang['update_ok'],1); - if (!empty($_REQUEST['usernotify']) && $newpass) { + if ($INPUT->has('usernotify') && $newpass) { $notify = empty($changes['user']) ? $olduser : $newuser; $this->_notifyUser($notify,$newpass); } -- cgit v1.2.3 From a4655683f1e9b4bf77a25334cd447b4b50e1c151 Mon Sep 17 00:00:00 2001 From: Lorenzo Radaelli Date: Sun, 24 Feb 2013 10:36:18 +0100 Subject: Italian language update --- lib/plugins/authad/lang/it/settings.php | 5 +++++ lib/plugins/authldap/lang/it/settings.php | 5 +++++ lib/plugins/authmysql/lang/it/settings.php | 5 +++++ lib/plugins/authpgsql/lang/it/settings.php | 5 +++++ lib/plugins/config/lang/it/lang.php | 1 + 5 files changed, 21 insertions(+) create mode 100644 lib/plugins/authad/lang/it/settings.php create mode 100644 lib/plugins/authldap/lang/it/settings.php create mode 100644 lib/plugins/authmysql/lang/it/settings.php create mode 100644 lib/plugins/authpgsql/lang/it/settings.php (limited to 'lib/plugins') diff --git a/lib/plugins/authad/lang/it/settings.php b/lib/plugins/authad/lang/it/settings.php new file mode 100644 index 000000000..10ae72f87 --- /dev/null +++ b/lib/plugins/authad/lang/it/settings.php @@ -0,0 +1,5 @@ + Date: Sun, 24 Feb 2013 10:37:45 +0100 Subject: Simplified Chinese language update --- lib/plugins/authad/lang/zh/settings.php | 18 ++++++++++++++ lib/plugins/authldap/lang/zh/settings.php | 20 +++++++++++++++ lib/plugins/authmysql/lang/zh/settings.php | 40 ++++++++++++++++++++++++++++++ lib/plugins/authpgsql/lang/zh/settings.php | 37 +++++++++++++++++++++++++++ 4 files changed, 115 insertions(+) create mode 100644 lib/plugins/authad/lang/zh/settings.php create mode 100644 lib/plugins/authldap/lang/zh/settings.php create mode 100644 lib/plugins/authmysql/lang/zh/settings.php create mode 100644 lib/plugins/authpgsql/lang/zh/settings.php (limited to 'lib/plugins') diff --git a/lib/plugins/authad/lang/zh/settings.php b/lib/plugins/authad/lang/zh/settings.php new file mode 100644 index 000000000..9fd3c4e35 --- /dev/null +++ b/lib/plugins/authad/lang/zh/settings.php @@ -0,0 +1,18 @@ + + */ +$lang['account_suffix'] = '您的账户后缀。例如 @my.domain.org'; +$lang['base_dn'] = '您的基本分辨名。例如 DC=my,DC=domain,DC=org'; +$lang['domain_controllers'] = '逗号分隔的域名控制器列表。例如 srv1.domain.org,srv2.domain.org'; +$lang['ad_username'] = '一个活动目录的特权用户,可以查看其他所有用户的数据。可选,但对某些活动例如发送订阅邮件是必须的。'; +$lang['ad_password'] = '上述用户的密码。'; +$lang['sso'] = '是否使用经由 Kerberos 和 NTLM 的 Single-Sign-On?'; +$lang['real_primarygroup'] = ' 是否解析真实的主要组,而不是假设为“域用户” (较慢)'; +$lang['use_ssl'] = '使用 SSL 连接?如果是,不要激活下面的 TLS。'; +$lang['use_tls'] = '使用 TLS 连接?如果是 ,不要激活上面的 SSL。'; +$lang['debug'] = '有错误时显示额外的调试信息?'; +$lang['expirywarn'] = '提前多少天警告用户密码即将到期。0 则禁用。'; +$lang['additional'] = '需要从用户数据中获取的额外 AD 属性的列表,以逗号分隔。用于某些插件。'; diff --git a/lib/plugins/authldap/lang/zh/settings.php b/lib/plugins/authldap/lang/zh/settings.php new file mode 100644 index 000000000..e84511b42 --- /dev/null +++ b/lib/plugins/authldap/lang/zh/settings.php @@ -0,0 +1,20 @@ + + */ +$lang['server'] = '您的 LDAP 服务器。填写主机名 (localhost) 或者完整的 URL (ldap://server.tld:389)'; +$lang['port'] = 'LDAP 服务器端口 (如果上面没有给出完整的 URL)'; +$lang['usertree'] = '何处查找用户账户。例如 ou=People, dc=server, dc=tld'; +$lang['grouptree'] = '何处查找用户组。例如 ou=Group, dc=server, dc=tld'; +$lang['userfilter'] = '用于搜索用户账户的 LDAP 筛选器。例如 (&(uid=%{user})(objectClass=posixAccount))'; +$lang['groupfilter'] = '用于搜索组的 LDAP 筛选器。例如 (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; +$lang['version'] = '使用的协议版本。您或许需要设置为 3'; +$lang['starttls'] = '使用 TLS 连接?'; +$lang['referrals'] = '是否允许引用 (referrals)?'; +$lang['binddn'] = '一个可选的绑定用户的 DN (如果匿名绑定不满足要求)。例如 Eg. cn=admin, dc=my, dc=home'; +$lang['bindpw'] = '上述用户的密码'; +$lang['userscope'] = '限制用户搜索的范围'; +$lang['groupscope'] = '限制组搜索的范围'; +$lang['debug'] = '有错误时显示额外的调试信息'; diff --git a/lib/plugins/authmysql/lang/zh/settings.php b/lib/plugins/authmysql/lang/zh/settings.php new file mode 100644 index 000000000..43cfbb3c0 --- /dev/null +++ b/lib/plugins/authmysql/lang/zh/settings.php @@ -0,0 +1,40 @@ + + */ +$lang['server'] = '您的 MySQL 服务器'; +$lang['user'] = 'MySQL 用户名'; +$lang['password'] = '上述用户的密码'; +$lang['database'] = '使用的数据库'; +$lang['debug'] = '显示额外调试信息'; +$lang['forwardClearPass'] = '将用户密码以明文形式传送给下面的 SQL 语句,而不使用 passcrypt 密码加密选项'; +$lang['TablesToLock'] = '在写操作时需要锁定的数据表列表,以逗号分隔'; +$lang['checkPass'] = '检查密码的 SQL 语句'; +$lang['getUserInfo'] = '获取用户信息的 SQL 语句'; +$lang['getGroups'] = '或许用户的组成员身份的 SQL 语句'; +$lang['getUsers'] = '列出所有用户的 SQL 语句'; +$lang['FilterLogin'] = '根据登录名筛选用户的 SQL 子句'; +$lang['FilterName'] = '根据全名筛选用户的 SQL 子句'; +$lang['FilterEmail'] = '根据电子邮件地址筛选用户的 SQL 子句'; +$lang['FilterGroup'] = '根据组成员身份筛选用户的 SQL 子句'; +$lang['SortOrder'] = '对用户排序的 SQL 子句'; +$lang['addUser'] = '添加新用户的 SQL 语句'; +$lang['addGroup'] = '添加新组的 SQL 语句'; +$lang['addUserGroup'] = '将用户添加到现有组的 SQL 语句'; +$lang['delGroup'] = '删除组的 SQL 语句'; +$lang['getUserID'] = '获取用户主键的 SQL 语句'; +$lang['delUser'] = '删除用户的 SQL 语句'; +$lang['delUserRefs'] = '从所有组中删除一个用户的 SQL 语句'; +$lang['updateUser'] = '更新用户信息的 SQL 语句'; +$lang['UpdateLogin'] = '更新用户登录名的 Update 子句'; +$lang['UpdatePass'] = '更新用户密码的 Update 子句'; +$lang['UpdateEmail'] = '更新用户电子邮件地址的 Update 子句'; +$lang['UpdateName'] = '更新用户全名的 Update 子句'; +$lang['UpdateTarget'] = '更新时识别用户的 Limit 子句'; +$lang['delUserGroup'] = '从指定组删除用户的 SQL 语句'; +$lang['getGroupID'] = '获取指定组主键的 SQL 语句'; +$lang['debug_o_0'] = '无'; +$lang['debug_o_1'] = '仅在有错误时'; +$lang['debug_o_2'] = '所有 SQL 查询'; diff --git a/lib/plugins/authpgsql/lang/zh/settings.php b/lib/plugins/authpgsql/lang/zh/settings.php new file mode 100644 index 000000000..dc7223d89 --- /dev/null +++ b/lib/plugins/authpgsql/lang/zh/settings.php @@ -0,0 +1,37 @@ + + */ +$lang['server'] = '您的 PostgreSQL 服务器'; +$lang['port'] = '您的 PostgreSQL 服务器端口'; +$lang['user'] = 'PostgreSQL 用户名'; +$lang['password'] = '上述用户的密码'; +$lang['database'] = '使用的数据库'; +$lang['debug'] = '显示额外调试信息'; +$lang['forwardClearPass'] = '将用户密码以明文形式传送给下面的 SQL 语句,而不使用 passcrypt 密码加密选项'; +$lang['checkPass'] = '检查密码的 SQL 语句'; +$lang['getUserInfo'] = '获取用户信息的 SQL 语句'; +$lang['getGroups'] = '获取用户的组成员身份的 SQL 语句'; +$lang['getUsers'] = '列出所有用户的 SQL 语句'; +$lang['FilterLogin'] = '根据登录名筛选用户的 SQL 子句'; +$lang['FilterName'] = '根据全名筛选用户的 SQL 子句'; +$lang['FilterEmail'] = '根据电子邮件地址筛选用户的 SQL 子句'; +$lang['FilterGroup'] = '根据组成员身份筛选用户的 SQL 子句'; +$lang['SortOrder'] = '对用户排序的 SQL 子句'; +$lang['addUser'] = '添加新用户的 SQL 语句'; +$lang['addGroup'] = '添加新组的 SQL 语句'; +$lang['addUserGroup'] = '将用户添加到现有组的 SQL 语句'; +$lang['delGroup'] = '删除组的 SQL 语句'; +$lang['getUserID'] = '获取用户主键的 SQL 语句'; +$lang['delUser'] = '删除用户的 SQL 语句'; +$lang['delUserRefs'] = '从所有组中删除一个用户的 SQL 语句'; +$lang['updateUser'] = '更新用户信息的 SQL 语句'; +$lang['UpdateLogin'] = '更新用户登录名的 Update 子句'; +$lang['UpdatePass'] = '更新用户密码的 Update 子句'; +$lang['UpdateEmail'] = '更新用户电子邮件地址的 Update 子句'; +$lang['UpdateName'] = '更新用户全名的 Update 子句'; +$lang['UpdateTarget'] = '更新时识别用户的 Limit 子句'; +$lang['delUserGroup'] = '从指定组删除用户的 SQL 语句'; +$lang['getGroupID'] = '获取指定组主键的 SQL 语句'; -- cgit v1.2.3 From bdac741579f8c6f00248d5d3ec635d4c2e08fb1e Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 24 Feb 2013 10:39:52 +0100 Subject: fixed typos --- lib/plugins/authldap/lang/en/settings.php | 4 ++-- lib/plugins/authpgsql/lang/en/settings.php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'lib/plugins') diff --git a/lib/plugins/authldap/lang/en/settings.php b/lib/plugins/authldap/lang/en/settings.php index 0bb397be5..ddedf8ae3 100644 --- a/lib/plugins/authldap/lang/en/settings.php +++ b/lib/plugins/authldap/lang/en/settings.php @@ -1,14 +1,14 @@ localhost) or full qualified URL (ldap://server.tld:389)'; $lang['port'] = 'LDAP server port if no full URL was given above'; -$lang['usertree'] = 'Where to finde the user accounts. Eg. ou=People, dc=server, dc=tld'; +$lang['usertree'] = 'Where to find the user accounts. Eg. ou=People, dc=server, dc=tld'; $lang['grouptree'] = 'Where to find the user groups. Eg. ou=Group, dc=server, dc=tld'; $lang['userfilter'] = 'LDAP filter to search for user accounts. Eg. (&(uid=%{user})(objectClass=posixAccount))'; $lang['groupfilter'] = 'LDAP filter to search for groups. Eg. (&(objectClass=posixGroup)(|(gidNumber=%{gid})(memberUID=%{user})))'; $lang['version'] = 'The protocol version to use. You may need to set this to 3'; $lang['starttls'] = 'Use TLS connections?'; $lang['referrals'] = 'Shall referrals be followed?'; -$lang['binddn'] = 'DN of an ptional bind user if anonymous bind is not sufficient. Eg. cn=admin, dc=my, dc=home'; +$lang['binddn'] = 'DN of an optional bind user if anonymous bind is not sufficient. Eg. cn=admin, dc=my, dc=home'; $lang['bindpw'] = 'Password of above user'; $lang['userscope'] = 'Limit search scope for user search'; $lang['groupscope'] = 'Limit search scope for group search'; diff --git a/lib/plugins/authpgsql/lang/en/settings.php b/lib/plugins/authpgsql/lang/en/settings.php index 74a1c1cc9..8c048fa0f 100644 --- a/lib/plugins/authpgsql/lang/en/settings.php +++ b/lib/plugins/authpgsql/lang/en/settings.php @@ -20,7 +20,7 @@ $lang['addUser'] = 'SQL statement to add a new user'; $lang['addGroup'] = 'SQL statement to add a new group'; $lang['addUserGroup'] = 'SQL statment to add a user to an existing group'; $lang['delGroup'] = 'SQL statement to remove a group'; -$lang['getUserID'] = 'SQL statement to get the primary ey of a user'; +$lang['getUserID'] = 'SQL statement to get the primary key of a user'; $lang['delUser'] = 'SQL statement to delete a user'; $lang['delUserRefs'] = 'SQL statement to remove a user from all groups'; $lang['updateUser'] = 'SQL statement to update a user profile'; -- cgit v1.2.3