| Commit message | Author | Age |
| |
This patch is an enhancement to yesterday's changes. The ability to download
external content could be used for XSS attacks, when faking the sent MIME
type. This patch adds a check on the received data for valid images.
darcs-hash:20061018124942-7ad00-4e8bca7d3877e6a10c348b5d45499cf8adf8b087.gz
| |
This patch changes fetch.php's ability to download external files. It now checks
for the returned MIME type and will only download images. For all other
MIME types a redirect is sent back to the browser. This reduces the risk of
being misused as an open proxy.
Additionally the download facility is disabled completely by default by setting
the fetchsize option to 0. Users who want the feature need to overwrite the option
in their local.php.
Background: The ability to download external files is needed to resize external
images on the server side. When disabled, a redirect is sent to the browser which
will download the fullsize image and rescale it on the client side which is more
bandwidth and CPU intensive.
darcs-hash:20061017175329-7ad00-cd1b1bfa043a04540c51ca8380d28deaa14147d1.gz
| |
darcs-hash:20061017091036-7ad00-41df4dbaddb0a20d0f000f7a1bb000aaf2176185.gz
| |
darcs-hash:20061009103112-3c565-b3883aadc0875d06ddadcd54a0dab2075e415eef.gz
| |
darcs-hash:20061011141043-3c565-9509bda5d864e0fbb42088d04d5b6f337dd18eb7.gz
| |
darcs-hash:20061015222040-d5083-afb1c38f5bb2610260bbc51fbff816a8ed2e5f49.gz
| |
darcs-hash:20061015222615-d5083-774269139d15c9a12b364e2c88dea46b477c912e.gz
| |
darcs-hash:20061013113521-7ad00-1ab48718ab30e042971a6dd6ef595462185955e6.gz
| |
- translated new strings in registermail.txt, config and usermanager plugins
- fixed changed parameter in config plugin
darcs-hash:20060829170241-57bea-24bf2cbfb341f25b1461cc7cd4fc442e0f44d511.gz
| |
darcs-hash:20061010111646-7ad00-9b0b08b448f0dcadebff784f27f0ec28d49cbc21.gz
| |
There were recent reports of exceeded patternsize in the wordblock function
when used with PHP5
darcs-hash:20061009165557-7ad00-f35d44da296caf6fd85431520d600033402d9b2f.gz
| |
darcs-hash:20061008103152-7ad00-5a26c285c8d4899ab9b21a84d493671857d77a99.gz
| |
Fixes a header injection/XSS vulnerability
darcs-hash:20061008100523-7ad00-be06a942badb6a2a9ed862be003ee0050504b4b0.gz
| |
This patch removes some commented code fragments and alternative
snippet generators
darcs-hash:20061008090624-7ad00-14bfee2ded6c6c8ef43ad02a4c02a5d95ee9daf7.gz
| |
darcs-hash:20061008074029-7ad00-8457873dd8ad2f5a36dc8f44eca42a4378e61e93.gz
| |
This patch updates p_get_metadata() to utilise the in-memory copy
of the current page's metadata ($INFO['meta']) when appropriate.
The patch also updates p_set_metadata() to synchronise any changes
to the current page's metadata with $INFO['meta'].
$INFO hash is updated with two new elements:
'id'
darcs-hash:20061004210030-9b6ab-7eab6f933a775fe350a1fb14d1118ea77d2db919.gz
| |
darcs-hash:20061006113409-23886-166f573a8ae5c897011282ef22a581cea1dbce86.gz
| |
- change validation pattern to allow 3 or 4 octal digits and hence
setting of SUID, SGID and sticky bit on systems which support them
darcs-hash:20061005223141-9b6ab-80511ecc4780d6258f15f59087f9bab20d1f1340.gz
| |
This patch automatically lowercases the superuser name like DokuWiki will
do itself later on. It also fixes the email check and requires it to have
at least an @ character.
darcs-hash:20061004183516-7ad00-791df13131c2484cb08c840812688d83bdf807fa.gz
| |
Rebind as superuser even on a previous successful bind as normal user, when
superuser credentials are available. LDAP access restrictions may need it.
darcs-hash:20061003153018-7ad00-16a69e99f93433bd9e999086f8757a56f975a1ef.gz
| |
This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define.
DOKU_COOKIE is now used as session key as well, making sessions no longer
dependent on the title option. This should fix problems with multiple
wikis on the same host (using the same title) and wikis accessed through
different URLs.
darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz
| |
This patch sets the private bound variable back to false if a new connection
is opened.
darcs-hash:20061003104320-7ad00-24370bcdc7beff5db7d7f2e68ea180763699ca5c.gz
| |
darcs-hash:20061002203925-9b6ab-ca7c87dc96fbc9572ef92a804d58715b0ab0b3e5.gz
| |
- add retry button (as suggested by Diego Georgini)
- correct error color, from green to red (spotted by Diego Georgini)
- add utf8_decode and utf8_encode to required function list, when
mb_string functions are not available.
- remove extra backslash from reported file names.
darcs-hash:20060930170121-9b6ab-d7b4a455b01d28f35b8c69385639439eaca8944e.gz
| |
darcs-hash:20060930143719-05dcb-251992d688e64ed221dbfe3d9c198fae603e2531.gz
| |
updated wwordblock.conf
updated installer checksum
increased msg num
darcs-hash:20060928200451-7ad00-061feb181c7e91f736fb396db224e4ea9660effa.gz
| |
- rework utf8_substr() NOMBSTRING code to always use pcre
- remove work around for utf8_substr() and large strings from ft_snippet()
darcs-hash:20060928165122-9b6ab-0eefc216f07f9d7e7d8eb62ce26605c28ee340fa.gz
| |
- auth_nameencode.test, add teardown code to clear new
$cache_authname memory cache
- utf8_substr.test, correct expected result for last test
darcs-hash:20060927101118-9b6ab-a72ea443ba67e17946af34d67c274975d563a22f.gz
| |
darcs-hash:20060927091545-c47a2-f706a9e54e7450084ffb929b44c9a1b1707c4eef.gz
| |
darcs-hash:20060927033713-9b6ab-4b35e0a85b6d11d5a3a98858cd2f860b383ff153.gz
| |
Fixes a shell injection and a DOS vulnerability
darcs-hash:20060926200551-7ad00-5ef27940dda6e48e7e2f8743fc90fa80b7b5cdff.gz
| |
The default wordblock.conf provided by the guys at chonqed.org matches against
URLs beginning with http. But DokuWiki also links simple www.example.com links.
Spammers used this method to place blacklisted URLs in the Wiki.
This patch constructs full URLs from these shortcut-URLs before applying the
blacklist regexp.
The patch also fixes a problem with the toolbar not appearing when the blacklist
hit and denied saving.
darcs-hash:20060926192420-7ad00-519df90a5953b690428bfa0928de37b3053031b0.gz
| |
rss syntax extended to include a refresh parameter
<digits><period> period can be d,h,m for days, hours, minutes respectively
if not specified will default to 4 hours
dokuwiki imposes a minimum of 10 minutes
metadata now used "date valid age" (seconds) rather than "date valid end"
darcs-hash:20060925201222-9b6ab-c8e6d8e40bb178295bab874fce5147ccff35fbbb.gz
| |
Cache
- add dependency for metadata renderer file
- check metadata for end of page life, "date valid end".
Metadata Renderer
- RSS syntax mode now sets rendered page expiry, "date valid end"
and includes the feed URL in "relation haspart".
Purgefile
For all wiki installations the purgefile records the earliest
time before which no cache purge (based on data consistency)
is required. Cache files older than this time MAY need to be
purged.
- remove purgeonadd configuration setting
darcs-hash:20060924202157-9b6ab-4531e91411c41914eeab2b6a8160c3d46b001cee.gz
| |
This adds the complete $INFO array (contains the metadata) to the usual
debug output and removes the metadebug parameter again.
darcs-hash:20060925201052-7ad00-c9a15b921466803b3f2bd50b0d72211cf68658c5.gz
| |
With DokuWiki's reliance on certain page metadata, it is sometimes necessary to
view the metadata of a page. This patch allows developers to append the parameter
?metadebug
darcs-hash:20060925193202-7ad00-6a42c7458aaa1cc40df3c7a61ad70df5d64be152.gz
| |
The new changelog mechanism shows all revisions of a document, even if the
old revisions are deleted (e.g. by a maintenance script). This patch removes
the links for non existing revisions.
darcs-hash:20060925185434-7ad00-14a558ce69c4116e14d7fdfbaad052c6a7b0a4db.gz
| |
darcs-hash:20060925182128-7ad00-99db9371c6986605eb4d990f819f09bf850ffaa1.gz
| |
darcs-hash:20060924195618-7ad00-47d67044c2d03eb9d90a7209fd23ab6c151c5e00.gz
| |
darcs-hash:20060924175824-7ad00-f8a6b8e38ef62aab5c6853b1c355df34259ebb7c.gz
| |
darcs-hash:20060924171423-7ad00-9d01167d5611be6d354bbfdb17223bf5eb863ae6.gz
| |
The progressbar script used in the search accessed parts of the DOM before
it was completely parsed which caused problems in IE. This patch moves back
to document.write for outputting the image.
darcs-hash:20060924170354-7ad00-1e0247b00fc4da4dd30301f4b9389ef727496c4a.gz
| |
- fix potential array key collisions
- restore ability to keep a minimum number ($conf['recent']) of recent changes
irregardless of date of change
darcs-hash:20060924162105-9b6ab-06350f04f9d9ac4c362f13787b682ef70887a1fc.gz
| |
darcs-hash:20060924101329-7ad00-acff05b813c58ac7ddb98385c9970800af7aca6b.gz
| |
darcs-hash:20060924100606-7ad00-7e0bc1fa7778669ac352f8d8994acbb7517323cd.gz
| |
This patch fixes a bug in indexer.php which resulted in the order
of the recent changes cache being reversed each time it was trimmed.
It also adds sorting to both getRecents() and runTrimRecentChanges()
as a defensive measure against the order of the file being corrupted.
darcs-hash:20060923235109-9b6ab-0f4062c1b02449cce9382426174cd22d71387e5a.gz
| |
darcs-hash:20060923204905-9b6ab-da3e9751c07c1bd07cf6583ecc5d92c2ce95097c.gz
| |
darcs-hash:20060923203609-9b6ab-ecca679faa254a29772868508050fcf3206b0814.gz
| |
actions which concern multiple pages (e.g. search, backlinks, recents)
end up repeatedly encoding the current user's name and groups. This
change caches the results of the encoding allowing them to be reused.
darcs-hash:20060923161206-9b6ab-a3ec8f1c2ec284d84b9ff85cba1e56165b2967a7.gz
| |
Add preconverted utf-8 string of special characters.
The (once only) conversion of the special character unicode
array into utf-8 occurs on every DokuWiki page view,
irrespective of action or caching, and takes about one third
of the time involved in delivering a wiki page straight from
cache.
The original unicode array has been left in place in the file
to make any future amendments easier.
darcs-hash:20060923151937-9b6ab-cae0340a95d9596415ef71d7b7e67ef9daca84ef.gz