Commit message | Author | Age | |
---|---|---|---|
* | Fix several security issues in the XML-RPC interface | Michael Hamann | 2011-01-16 |
| | For locks and getRevisions there hasn't been any acl check. In many other cases the id hadn't been cleaned before the acl check was done, which means that many acl rules that should be applied weren't applied. So e.g. when you have read permissions for the root namespace but not for a subnamespace you could add a leading ":" and the permissions for the root namespace will be used instead of the permissions for the subnamespace. This did not apply to writing pages and reading media files, but writing and deleting media files have been concerned as well as reading both plain and html versions of pages. This only concerns installations where XML-RPC is enabled (default is disabled) and XML-RPC is allowed for all or untrusted users. | ||
* | preg_quote namespaces in auth_aclcheck | Michael Hamann | 2011-01-16 |
| | Like ids, namespaces are now preg_quoted in the acl check (and therefore the escaping of "*" has been removed). When plugins call the ACL check function with strange ids, the regex fails otherwise (in the case of the include plugin, errors like "Warning: preg_grep() [function.preg-grep]: Compilation failed: missing terminating ] for character class at offset 47" have been reported by two users). I've run the acl tests after this change and everything passes, so this shouldn't break anything, but please test this, especially with protected wikis, as this change modifies the code that handles namespace permissions. Furthermore, permissions for a namespace foobar are no longer applied to namespaces with names like foo.ar; I hope nobody has used that "feature". When you are using per-user namespaces, user registration is open and either write or read protection for these namespaces is important to you, this is a security fix for you: When someone wants to get access to the namespace of a user "foo.bar", he can register as "fooxbar" (where "x" is an arbitrary character) and will have access to the user namespace of the user "foo.bar", as when a page in "foo.bar" is checked it will match the rule for "fooxbar". | ||
* | maintain the list of removed files in the repository | Andreas Gohr | 2010-11-11 |
| | this is mainly for use with plugin:upgrade and thus will be cherrypicked into the current stable branch as well. | ||
* | Release 2010-11-07 "Anteater" | Andreas Gohr | 2010-11-07 |
| | |||
* | Merge branch 'master' into stable | Andreas Gohr | 2010-11-07 |
|\ | |||
| * | release preparations | Andreas Gohr | 2010-11-07 |
| | | |||
| * | spam list update | Andreas Gohr | 2010-11-07 |
| | | |||
| * | Merge branch 'master' of github.com:splitbrain/dokuwiki | Anika Henke | 2010-11-07 |
| |\ | |||
| | * | - copy over identical sxw,odt fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical tgz,gz fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical sxi,odp fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical html,htm fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical sxc,ods,odc fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical sxd,odi,odg fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | - copy over identical gif/jpg/png/jpeg fileicons | Elan Ruusamäe | 2010-11-07 |
| | | | |||
| | * | Chinese Language update | Choicky Chou | 2010-11-07 |
| | | | |||
| | * | handle mailfrom replacements in a central place FS#2091 | Andreas Gohr | 2010-11-05 |
| | | | |||
| | * | style fixes for RTL languages FS#2089 | Andreas Gohr | 2010-11-05 |
| | | | |||
| | * | Add comment (see #1942, f338aa80, 64726aa44) | Adrian Lang | 2010-11-01 |
| | | | |||
| | * | Remember current page when saving configuration | Tom N Harris | 2010-11-01 |
| | | | |||
| | * | Fix XSS vulnerability FS#2085 | Vadim Nevorotin | 2010-10-31 |
| | | | |||
| * | | make custom buttons possible with html_btn() without the need of global ↵ | Anika Henke | 2010-11-07 |
| |/ | $lang (more consistent with tpl_pagelink()) | ||
| * | Merge remote branch 'lupo49/master' | Andreas Gohr | 2010-10-30 |
| |\ | |||
| | * | de-informal / typo fix | Matthias Schulte | 2010-10-27 |
| | | | de / typo fix | ||
| | * | de / typo fixed | Matthias Schulte | 2010-10-27 |
| | | | |||
| * | | Basque language update | Inko I.A | 2010-10-30 |
| | | | |||
* | | | Version upped to rc2010-10-27 "Busy Wednesday" | Andreas Gohr | 2010-10-27 |
| | | | |||
* | | | Merge branch 'master' into stable | Andreas Gohr | 2010-10-27 |
|\| | | |||
| * | | preparations for another release candidate | Andreas Gohr | 2010-10-27 |
| | | | |||
| * | | disable media options dialog FS#2047 | Andreas Gohr | 2010-10-27 |
| |/ | The media options dialog currently has an open bug regarding the behavior of the nolink option. Additionally, wrong syntax will be inserted when using Internet Explorer < 8. Since this can't be fixed on time, this patch disables the media options for the release. | ||
| * | Fix SafeFN-encoded file names | Adrian Lang | 2010-10-26 |
| | | SafeFN encoding now always ends the encoding block by appending a dot at the end of the file name. This is necessary since the file name may get an extension which is not encoded. | ||
| * | do not strip .txt in namespaces in index | Andreas Gohr | 2010-10-26 |
| | | |||
| * | Fix GET-after-POST redirect in plugin manager | Adrian Lang | 2010-10-26 |
| | | The redirect target URL is constructed with escaped ampersands since b625808123f. Thanks to Chris Tapp for pointing out. | ||
| * | Fix JS error due to disabled JS based hotkeys because of FS#1958 | Michael Hamann | 2010-10-26 |
| | | |||
| * | Honor allowdebug setting in lib/exe/indexer | Adrian Lang | 2010-10-25 |
| | | |||
| * | Fix sorting of quicksearch results | Adrian Lang | 2010-10-24 |
| | | |||
| * | fixed missing global | Andreas Gohr | 2010-10-24 |
| | | |||
| * | detect corrupt title indexes FS#2076 | Andreas Gohr | 2010-10-24 |
| | | |||
| * | use gmdate in installer | Andreas Gohr | 2010-10-24 |
| | | |||
| * | Typos | Andreas Haerter | 2010-10-24 |
| | | |||
| * | Small notation adjustment to lang: de (informal) | Andreas Haerter | 2010-10-24 |
| | | |||
| * | Correctly decode user names in unsubscriptions | Adrian Lang | 2010-10-22 |
| | | |||
| * | disabled JS based hotkeys for next stable release FS#1958 | Andreas Gohr | 2010-10-22 |
| | | |||
| * | Correctly decode user names in subscriptions | Adrian Lang | 2010-10-21 |
| | | |||
| * | Chinese language update | lainme | 2010-10-19 |
| | | |||
| * | Portuguese language update | André Neves | 2010-10-19 |
| | | |||
| * | fix hotkeys on anchors (click() undefined) FS#1958 | Andreas Gohr | 2010-10-19 |
| | | |||
| * | make sure linkwizard position is absolute FS#2065 | Andreas Gohr | 2010-10-19 |
| | | |||
| * | remove deprecated scriptify() mechanism | Andreas Gohr | 2010-10-18 |
| | | |||
| * | removed deprecated index update function | Andreas Gohr | 2010-10-18 |
| | |