summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
...
| | * | | | | Ooops...forgot to commit test cases for #897.LarsDW2232014-10-15
| | | | | | |
| | * | | | | Fixed JavaScript compression. The compressor did not recognize a regular ↵LarsDW2232014-10-15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | expression after a '&&' ot '||' operator. So it could happen that code had been cut off if the regular expression included '\//' (which was treated as a single line comment because of the regular expression not being recognized). Finally fixes #897.
| * | | | | | Merge pull request #905 from dokuwiki-translate/lang_update_70Andreas Gohr2014-10-16
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | Translation update (eu)
| | * | | | | | translation updateYadav Gowda2014-10-15
| |/ / / / / /
| * | | | | | new PHP minimum requirement is now 5.3.3Andreas Gohr2014-10-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | that's the version in Debian old stable
| * | | | | | Merge pull request #880 from Dr-Yukon/patch-3Andreas Gohr2014-10-14
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | Update index.php
| | * | | | | | Update index.phpRainbow Spike2014-10-01
| | | | | | | | | | | | | | | | | | | | | | | | 1 typo
| * | | | | | | Merge pull request #879 from Dr-Yukon/patch-2Andreas Gohr2014-10-14
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Update lang.php
| | * | | | | | | Update lang.phpRainbow Spike2014-10-01
| | |/ / / / / / | | | | | | | | | | | | | | | | Microfix
| * | | | | | | Merge pull request #876 from dokuwiki-translate/lang_update_53Andreas Gohr2014-10-14
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Translation update (hr)
| | * | | | | | | translation updateDavor Turkalj2014-09-30
| | |/ / / / / /
| * | | | | | | Merge pull request #898 from Werkov/masterAndreas Gohr2014-10-14
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | AUTH_USER_CHANGE handler can modify passed data
| | * | | | | | | AUTH_USER_CHANGE handler can modify passed dataMichal Koutný2014-10-13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Originally AUTH_USER_CHANGE handler could modify the user data, however, auth plugin consequently worked with different copy of the array thus effectively preventing any changes by the AUTH_USER_CHANGE implementer.
| * | | | | | | | another fix for broken gzlib linking #865Andreas Gohr2014-10-14
| | | | | | | | |
| * | | | | | | | use its own cache file per versionsAndreas Gohr2014-10-14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | this ensures there will be never, ever an outdated update message shown after upgrade.
| * | | | | | | | Merge pull request #895 from projectgus/masterAndreas Gohr2014-10-14
| |\ \ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | | | Fix for update messages never completely going away
| | * | | | | | | | Fix for update messages never completely going awayAngus Gratton2014-10-11
| | |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The existing logic for messages.txt requires some valid update response (ending in %) to the messages update check before it clears the current messages. However update.dokuwiki.org appears to return an empty string response if everything is up to date. (ie http://update.dokuwiki.org/check/46.1 ) As a result if there are update messages in messages.txt they don't automatically go away after updating to the current version. The only time they change is when a newer release comes out. The upgrade plugin has logic in it to force a re-download of messages.txt, but currently this just re-downloads the old update messages. This change explicitly allows for "" as a valid "no messages" indicator (distinct from false, which is the HTTP error indicator.)
| * | | | | | | | Merge pull request #901 from LarsGit223/masterAndreas Gohr2014-10-14
| |\ \ \ \ \ \ \ \ | | | |_|/ / / / / | | |/| | | | | | Corrected compression for ++ and -- operator. Partially fixes #897.
| | * | | | | | | Corrected compression for ++ and -- operator. Partially fixes #897.LarsDW2232014-10-14
| | |/ / / / / /
| * | | | | | | Merge pull request #896 from splitbrain/lessmorecommentsAndreas Gohr2014-10-14
| |\ \ \ \ \ \ \ | | |/ / / / / / | |/| | | | | | preserve comments in less if 'compress' config disabled
| | * | | | | | preserve comments in less if 'compress' config disabledGerrit Uitslag2014-10-11
| | | |_|_|/ / | | |/| | | | | | | | | | | | | | | | | | Otherwise comments are never visible in css.php
| * | | | | | Merge pull request #889 from dokuwiki-translate/lang_update_62Andreas Gohr2014-10-08
| |\ \ \ \ \ \ | | | | | | | | | | | | | | | | Translation update (ko)
| | * | | | | | translation updateMyeongjin2014-10-08
| |/ / / / / /
| | | | * | | scrutiner issuesGerrit Uitslag2014-10-03
| | | | | | |
| | | | * | | Update IXR lib from 1.61 to 1.7.4 + WP improvementsGerrit Uitslag2014-10-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Update to latest Incutio XML-RPC Library include also some Wordpress improvements (see for more details the log of the lib as included in WP: https://core.trac.wordpress.org/log/trunk/src/wp-includes/class-IXR.php )
| | | | * | | Reformatting IXR libraryGerrit Uitslag2014-10-02
| | | | | | |
| | | | * | | PHPDocsGerrit Uitslag2014-10-02
| | | | | | |
| | | | * | | PHPDocs and some improvementsGerrit Uitslag2014-10-02
| | | | | | |
| | | | * | | more phpdocs and minor checkGerrit Uitslag2014-10-01
| | | | | | |
| | | | * | | more PHPDocs, unused var, small bit code reformattingGerrit Uitslag2014-10-01
| | | | | | |
| | | | * | | Many PHPDocs, some unused and dyn declared varsGerrit Uitslag2014-10-01
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | many PHPDocs some unused variables some dynamically declared variables declared
| | | | * | | more scrutinizer issue improvementsGerrit Uitslag2014-09-29
| | | | | | |
| | | | * | | scrutinizer documentations issuesGerrit Uitslag2014-09-29
| | | |/ / / | | |/| | |
| | | | * | Merge branch 'master' of https://github.com/splitbrain/dokuwikiGerry Weißbach2014-08-29
| | | | |\ \
| | | | * | | rfc2231 compatible encoding for header()Gerry Weißbach2014-08-29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is only used in the filename header field and ensures correct interpretation of an encoded filename. This is will be needed especially for download of files with umlauts with an Internet Explorer.
| | | | * | | Merge remote-tracking branch 'splitbrain/master'Gerry Weißbach2014-07-16
| | | | |\ \ \
| | | | * | | | Check for basedir and baseurlGerry Weißbach2014-06-30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If these configuration values are not set php will throw an unnecessary NOTICE.
| | | | | | | * Revert "add TEMPLATE_SITETOOLS_DISPLAY and TEMPLATE_USERTOOLS_DISPLAY basing ↵ghi2015-02-17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | on Starter template" This reverts commit 362a4f084345b496ab6b155db3ec50cad3939d0e.
| | | | | | | * add TEMPLATE_SITETOOLS_DISPLAY and TEMPLATE_USERTOOLS_DISPLAY basing on ↵Szymon Olewniczak2013-12-10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Starter template
* | | | | | | | Hotfix Release 2014-09-29d "Hrun"Guy Brand2015-03-19
| | | | | | | |
* | | | | | | | SECURITY escape user properties in user manager #1081Andreas Gohr2015-03-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The user properties (login, real name, etc) where not properly escaped in the user manager's edit form. This allowed a XSS attack on the superuser by registered users. Thanks to Filippo Cavallarin from www.segment.technology for discovering this bug.
* | | | | | | | Hotfix release 2014-09-29c "Hrun"Guy Brand2015-02-24
| | | | | | | |
* | | | | | | | check permissions in ACL plugin's RPC API component. #1056Andreas Gohr2015-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fix Severity: Medium Type: Remote Priviledge Escalation Remote: yes Vulnerability Details: This fixes a security hole in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules. Risk Assessment: The XMLRPC API in DokuWiki is marked experimental and off by default. It also implements an additional safeguard by giving access to a configured circle of users and groups only. So only a minor number of DokuWiki installations will be affected at all. For affected installations the risk is high if users with access to the API are not to be trusted. Thus the overall severity of medium. Resolution: Installations applying this commit are safe. A hotfix is about to be released. Meanwhile users are advised to disable the XMLRPC API in the config manager.
* | | | | | | | Hotfix Release 2014-09-29b "Hrun"Guy Brand2014-12-03
| | | | | | | |
* | | | | | | | disable flash uploading by defaultAndreas Gohr2014-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Thanks to Kacper Szurek for reporting this
* | | | | | | | Hotfix Release 2014-09-29a "Hrun"Guy Brand2014-10-08
| | | | | | | |
* | | | | | | | Merge branch 'master' into stableGuy Brand2014-10-08
|\| | | | | | |
| * | | | | | | Release preparationGuy Brand2014-10-08
| | | | | | | |
| * | | | | | | Merge pull request #886 from splitbrain/chris_pcre66_bugChristopher Smith2014-10-07
| |\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | | | Fix for issues #877 & #885 related to a bug in PCRE 6.6
| | * | | | | | | escaping backslash should be included in split itemsChristopher Smith2014-10-04
| | | | | | | | |
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-12 22:34:50 +0000