Commit message (Author, Age)
* check permissions in ACL plugin's RPC API component. #1056 (Andreas Gohr, 2015-02-24)
|
|   Security Fix
|
|   Severity: Medium
|   Type: Remote Privilege Escalation
|   Remote: yes
|
|   Vulnerability Details:
|   This fixes a security hole in the ACL plugin's remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumvent any existing rules.
|
|   Risk Assessment:
|   The XMLRPC API in DokuWiki is marked experimental and off by default. It also implements an additional safeguard by giving access to a configured circle of users and groups only. So only a minor number of DokuWiki installations will be affected at all. For affected installations the risk is high if users with access to the API are not to be trusted. Thus the overall severity of medium.
|
|   Resolution:
|   Installations applying this commit are safe. A hotfix is about to be released. Meanwhile users are advised to disable the XMLRPC API in the config manager.
* Hotfix Release 2014-09-29b "Hrun" (Guy Brand, 2014-12-03)
|
* disable flash uploading by default (Andreas Gohr, 2014-12-03)
|
|   Thanks to Kacper Szurek for reporting this
* Hotfix Release 2014-09-29a "Hrun" (Guy Brand, 2014-10-08)
|
* Merge branch 'master' into stable (Guy Brand, 2014-10-08)
|\
| * Release preparation (Guy Brand, 2014-10-08)
| |
| * Merge pull request #886 from splitbrain/chris_pcre66_bug (Christopher Smith, 2014-10-07)
| |\
| | |   Fix for issues #877 & #885 related to a bug in PCRE 6.6
| | * escaping backslash should be included in split items (Christopher Smith, 2014-10-04)
| | |
| | * Fix for issues 877 & 885 related to a bug in PCRE 6.6 (Christopher Smith, 2014-10-03)
| | |
| * | do not use Accept-Encoding in browser UID (Andreas Gohr, 2014-10-06)
| | |
| | |   Since Chrome 37, they send different accept encodings for POST and GET requests which will break BrowserUID checks as reported in cosmocode/dokuwiki-plugin-oauth/issues/3
| | |   See https://code.google.com/p/chromium/issues/detail?id=410559 for official bug report at Google
| * | Merge pull request #887 from hanche/fix-lang-no (Christopher Smith, 2014-10-06)
| |\ \
| | |/
| |/|   Fix broken format string
| | * Fix broken format string (Harald Hanche-Olsen, 2014-10-05)
| |/
| |/
* | Release 2014-09-29 "Hrun" (Andreas Gohr, 2014-09-29)
| |
* | Merge branch 'master' into stable (Andreas Gohr, 2014-09-29)
|\|
| |   * master: (214 commits) release preparations postgresql auth plugin: correct function name parse AT parameter: first strtotime then timestamp remove config option move more strings to lang.php move strings to lang.php add placeholders for create page text phpdocs parserutils improve some scrutinizer issues visibility plugin methods use config cascade for loading of localizations reformatting config cascade add lang files to cascading work around missing gzopen on certain systems #865 translation update fix scrutinizer issues fixed typos in docblock comments do not allow empty passwords clean user credentials from control chars added filter method to INPUT class translation update ...
| * release preparations (Andreas Gohr, 2014-09-29)
| |
| * Merge pull request #708 from splitbrain/overridablelangstrings (Andreas Gohr, 2014-09-29)
| |\
| | |   extend lang file cascade, so users can override some lang strings
| | * phpdocs parserutils (Gerrit Uitslag, 2014-09-28)
| | |
| | * improve some scrutinizer issues (Gerrit Uitslag, 2014-09-28)
| | |
| | |   different types unused vars PHPDocs
| | * Merge remote-tracking branch 'origin/master' into overridablelangstrings (Gerrit Uitslag, 2014-09-28)
| | |\
| | | |   Conflicts: inc/plugin.php
| | * | visibility plugin methods (Gerrit Uitslag, 2014-09-28)
| | | |
| | * | use config cascade for loading of localizations (Gerrit Uitslag, 2014-09-28)
| | | |
| | * | reformatting config cascade (Gerrit Uitslag, 2014-09-27)
| | | |
| | * | add lang files to cascading (Gerrit Uitslag, 2014-09-27)
| | | |
| | * | extend lang file cascade, so users can override some lang strings (Gerrit Uitslag, 2014-05-13)
| | | |
| | | |   Fixes #692
| * | | Merge pull request #624 from lisps/revisions (Andreas Gohr, 2014-09-29)
| |\ \ \
| | | | |   date_at support
| | * | | parse AT parameter: first strtotime then timestamp (lisps, 2014-09-29)
| | | | |
| | | | |   remove config option
| | * | | fix scrutinizer issues (lisps, 2014-09-26)
| | | | |
| | * | | Merge remote-tracking branch master into revisions (lisps, 2014-09-26)
| | |\ \ \
| | * | | | fix config option (lisps, 2014-03-19)
| | | | | |
| | * | | | add config date_at_format (lisps, 2014-03-19)
| | | | | |
| | | | | |   change translation message
| | * | | | Merge remote-tracking branch 'remotes/origin/master' into revisions_local (lisps, 2014-03-19)
| | |\ \ \ \
| | * | | | | add missing parameter (lisps, 2014-02-22)
| | | | | | |
| | * | | | | fix check link existence, have to call getLastRevisionAt for every link (lisps, 2014-02-22)
| | | | | | |
| | * | | | | check link existence (lisps, 2014-02-20)
| | | | | | |
| | * | | | | rename classname (lisps, 2014-02-17)
| | | | | | |
| | * | | | | fix last merge (lisps, 2014-02-17)
| | | | | | |
| | * | | | | Merge remote-tracking branch 'origin/diff_navigation' into revisions (lisps, 2014-02-17)
| | |\ \ \ \ \
| | | | | | | |   Conflicts: inc/parser/xhtml.php
| | * \ \ \ \ \ Merge branch 'splitbrain/diff_navigation' into revisions (lisps, 2013-11-27)
| | |\ \ \ \ \ \
| | * | | | | | | change behavior only on date_at (lisps, 2013-11-25)
| | | | | | | | |
| | * | | | | | | Merge remote-tracking branch 'remotes/splitbrain/diff_navigation' into revisions (lisps, 2013-11-25)
| | |\ \ \ \ \ \ \
| | * | | | | | | | add test for empty rev in ml() and wl() (lisps, 2013-11-22)
| | | | | | | | | |
| | * | | | | | | | rename function _getProperMediaRevision to _getLastMediaRevisionAt (lisps, 2013-11-22)
| | | | | | | | | |
| | | | | | | | | |   reduce a bit duplicated code
| | * | | | | | | | restore old version of pageinfo() (lisps, 2013-11-22)
| | | | | | | | | |
| | * | | | | | | | localize msg (lisps, 2013-11-22)
| | | | | | | | | |
| | * | | | | | | | add test getlastrevisionat (lisps, 2013-11-22)
| | | | | | | | | |
| | * | | | | | | | fix function name media_isexternal() (lisps, 2013-11-22)
| | | | | | | | | |
| | | | | | | | | |   remove empty rev from ml()
| | | | | | | | | |   rename getProperRevision() to getLastRevisionAt()
| | | | | | | | | |   make getLastRevisionAt() a method of ChangeLog
| | * | | | | | | | Merge remote-tracking branch 'remotes/splitbrain/diff_navigation' into revisions (lisps, 2013-11-22)
| | |\ \ \ \ \ \ \ \
| | * | | | | | | | | remove property rev from xhtml.php (lisps, 2013-11-22)
| | | | | | | | | | |
| | | | | | | | | | |   changed variable name $create_time to $modified_time
| | * | | | | | | | | add parameter at($DATE_AT) and mind revisions (lisps, 2013-11-21)
| | | | | | | | | | |
| * | | | | | | | | | Merge pull request #563 from splitbrain/FS#2697searchpagereadonly (Andreas Gohr, 2014-09-29)
| |\ \ \ \ \ \ \ \ \ \
| | | | | | | | | | | |   Update text above searchresults, when only read-acl FS#2697