| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |\
| |
| | |
indexer.php: slow page loads on lighttpd due to missing ob_flush()
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
I'm running this dokuwiki docker container: https://registry.hub.docker.com/u/mprasil/dokuwiki/
It uses lighttpd and fastcgi. For some reason, the ignore_user_abort() feature where the browser should close the connection after the GIF has been received is not working on lighty. The browser keeps loading the page until the indexer run is complete, which leads to extremely slow load times with a larger page index.
Adding ob_flush() to sendGIF fixes the issue.
|
| | |
| |
| |
| |
| |
| | |
it seems that different zlib versions behave different with corrupted files.
Some return false, some return whatever they still can read from the
file. the file now should no longer be readable by any version.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The user properties (login, real name, etc) where not properly escaped
in the user manager's edit form. This allowed a XSS attack on the
superuser by registered users.
Thanks to Filippo Cavallarin from www.segment.technology for discovering
this bug.
|
| | |
| |
| |
| |
| | |
This also reverses the order of crypto protocols tried again. Using TLS
first again. related to #915
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
The code reading .bz2 compressed files did not correctly check for
possible read errors. In case of a corrupted file this could have led to
an infinite loop.
Thanks to Filippo Cavallarin from www.segment.technology for dicovering
this bug.
|
| |\ \
| | |
| | | |
Translation update (he)
|
| |/ / |
|
| | | |
|
| |\ \
| | |
| | | |
Translation update (da)
|
| |/ / |
|
| | | |
|
| |\ \
| | |
| | | |
Add two config options to authldap
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
attribute holding the username, 'modPass' allows to disable
password changing by the user.
|
| |\ \ \
| | | |
| | | | |
Get total number of users in ad, needed for paging
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Since we cannot effectively filter for groups and have to work with
incremental prefetching, the ``last`` button is mostly broken/buggy.
Hence it is disabled in this usecase.
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
| | |/ /
|/| |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
While Browsers (IE of course) still fail to accept the correct
application/javascript mimetype in the type attribute of the script
element, we should serve the scripts with the correct Content-Type
header at least. This is especially important as the default
configuration of mod_deflate expects application/javascript and will not
compress text/javascript.
|
| |\ \ \
| |/ /
|/| | |
simple fix for pageID clash with sidebar in mobile view
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
Since the pageid is no longer positioned absolute it clashed with the
sidebar since #1027. this introduces a very simplisitc fix.
|
| |\ \ \
| | | |
| | | | |
Translation update (fr)
|
| |/ / / |
|
| |/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Security Fix
Severity: Medium
Type: Remote Priviledge Escalation
Remote: yes
Vulnerability Details:
This fixes a security hole in the ACL plugins remote API component. The
plugin failed to check for superuser permissions before executing ACL
addition or deletion. This means everybody with permissions to call the
XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules.
Risk Assessment:
The XMLRPC API in DokuWiki is marked experimental and off by default. It
also implements an additional safeguard by giving access to a configured
circle of users and groups only. So only a minor number of DokuWiki
installations will be affected at all.
For affected installations the risk is high if users with access to the
API are not to be trusted.
Thus the overall severity of medium.
Resolution:
Installations applying this commit are safe. A hotfix is about to be
released. Meanwhile users are advised to disable the XMLRPC API in the
config manager.
|
| |\ \
| | |
| | | |
avoid messages pushing down page tools. fixes #1011
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | | |
This moves the message area into content div. The pageid is now aligned
by floating instead of absolute positioning.
|
| | | | |
|
| |\ \ \
| | | |
| | | | |
Add missing tbody to renderer
|
| | | | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Normalization is required to manage multibyte characters.
|
| | | | | | |
|
| | |/ / /
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The OSX uses Unicode-NFD so normalization is required to manage multibyte characters.
( http://unicode.org/reports/tr15/ )
If don't do that, DokuWiki can't find the file uploaded from OS X with multibyte filename like '도쿠위키.jpg'
|
| |\ \ \ \
| |/ / /
|/| | | |
New event: HTML_SHOWREV_OUTPUT
|
| | | | | |
|
| | | | | |
|
| | |\ \ \
| |/ / /
|/| | | |
|
| |\ \ \ \
| | | | |
| | | | | |
Update template.php
|
| |/ / / /
| | | |
| | | | |
Added placeholder in search textarea
|
| |\ \ \ \
| | | | |
| | | | | |
Update wordblock.conf
|
| | | | | |
| | | | |
| | | | | |
moved those keywords to http & added penis
|
