Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | replaced use of basename() with utf8_basename() FS#2015 | Andreas Gohr | 2012-07-28 |
| | |||
* | changed all doctypes to html5 doctype | Anika Henke | 2012-07-14 |
| | |||
* | Fix act_validate() | Martin Doucha | 2012-07-06 |
| | |||
* | Split act_clean() into two functions so that plugins may use action | Martin Doucha | 2012-07-06 |
| | | | | string sanitization even for their own new actions | ||
* | Input wrapper for action.php | Tom N Harris | 2012-06-27 |
| | |||
* | Fix for FS#2522 / Now all places of $lang['restored'] are covered with the ↵ | lupo49 | 2012-06-10 |
| | | | | restored-date information | ||
* | don't rely on metadata for conflict detection | Andreas Gohr | 2012-05-22 |
| | | | | | This also fixes a problem wiht PHP 5.4 when there is metadata but the date key is empty. | ||
* | Restore page versions - add timestamp of the restored version to to the ↵ | lupo49 | 2012-05-08 |
| | | | | | | summary field. This allows easier identifying of which version has been restored. (FS#2522) | ||
* | Remove references to (un)?subscribens. | Adrian Lang | 2011-10-30 |
| | |||
* | bind security token to username | Andreas Gohr | 2011-10-15 |
| | | | | | | | This makes the security token more robust agains session fixation attacks. A CSRF warning will no longer abort a page save but lead to the preview mode to avoid information loss when a user logs in during editing (eg in another tab). | ||
* | fullscreen media manager | Kate Arzamastseva | 2011-06-09 |
| | |||
* | Check permissions + security token in lock + draft modification FS#2265 | Michael Hamann | 2011-05-24 |
| | | | | | | | This disables lock and draft creation for pages the user can't edit. It additionally adds a security token to the draft creation and deletion request so - at least for logged in users - drafts can't be created, modified or deleted so easily anymore. | ||
* | execute edit action when draft was specified but no draft exists FS#2240 | Andreas Gohr | 2011-05-02 |
| | |||
* | check manager/admin role earlier for admin plugins FS#2180 | Andreas Gohr | 2011-03-04 |
| | |||
* | deleted redundant line | Anika Henke | 2011-02-22 |
| | |||
* | Change sitemap filename to sitemap.xml(.gz). Closes FS#2127 | Guillaume Turri | 2011-01-03 |
| | |||
* | Delete superfluous assignment created by the last commit | Michael Hamann | 2010-12-13 |
| | |||
* | Copy changes from ajax_lock to act_draftsave | Michael Hamann | 2010-12-12 |
| | |||
* | Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3 | Michael Hamann | 2010-11-29 |
| | | | | | | As of VIM 7.3 it is no longer possible to specify the encoding in the modeline. This gives an error message whenever such a file is opened, thus this commit removes the enc setting from the modeline. | ||
* | Send 403 header for permission denied screens when send404 is enabled | Robin Getz | 2010-11-20 |
| | |||
* | Handle do=check before ACL checking | Robin Getz | 2010-11-20 |
| | |||
* | Merge remote branch 'origin/master' into sitemap | Michael Hamann | 2010-10-10 |
|\ | |||
| * | Add back globals for templates | Adrian Lang | 2010-09-29 |
| | | |||
| * | Small fixes / cleanup | Adrian Lang | 2010-09-28 |
| | | |||
* | | Action handler for sitemaps improved | Michael Hamann | 2010-09-22 |
| | | | | | | | | | | The action handler for the sitemap now makes use of the sitemapper methods for determining the filename and uses http conditional requests. | ||
* | | Transformed the sitemapper into a class | Michael Hamann | 2010-09-22 |
| | | | | | | | | This makes it possible to autoload the sitemapper when needed. | ||
* | | Sitemap rewrite | Michael Hamann | 2010-09-22 |
|/ | |||
* | make use of tpl_get_action in tpl_actiondropdown FS#2005 | Andreas Gohr | 2010-08-27 |
| | |||
* | do not require special permissions to look at index FS#1720 | Andreas Gohr | 2010-06-27 |
| | |||
* | check for user in act_subscription FS#1935 | Andreas Gohr | 2010-06-26 |
| | |||
* | msgs are saved in send_redirect now, less code duplication needed | Andreas Gohr | 2010-06-13 |
| | |||
* | Let actionOK detect auth backend capabilities | Adrian Lang | 2010-05-17 |
| | |||
* | Call act_edit for locked pages | Adrian Lang | 2010-03-29 |
| | | | | | | 50e988b accidentally stopped act_dispatch from calling act_edit for locked pages, thus showing a generic »page not writable« message instead of a page lock message. | ||
* | Merge branch 'requireall' | Andreas Gohr | 2010-03-12 |
|\ | | | | | | | | | Conflicts: inc/fulltext.php | ||
| * | removed more unneeded require_once() calls | Andreas Gohr | 2010-02-01 |
| | | |||
| * | first attempt to centralize all include loading | Andreas Gohr | 2010-01-31 |
| | | | | | | | | | | | | | | | | Classes are loaded throug PHP5's class autoloader, all other includes are just loaded by default. This skips a lot of require_once calls. Parser and Plugin stuff isn't handled by the class loader yet. | ||
* | | Move & rename HTML_PAGE_FROMTEMPLATE to common.php | Adrian Lang | 2010-03-10 |
| | | | | | | | | | | The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template has been read but before performing the template replacements. | ||
* | | Correct edit conflict detection | Adrian Lang | 2010-03-10 |
| | | | | | | | | | | Edit conflicts occur when a page has been edited since starting the current edit. In order to detect them, the date of the newest revision is saved. | ||
* | | Remove wordblock action, issue a msg instead | Adrian Lang | 2010-03-09 |
| | | |||
* | | Move data preprocessing out of html_edit | Adrian Lang | 2010-03-09 |
| | | |||
* | | Add security token to subscription manage page | Adrian Lang | 2010-02-09 |
|/ | |||
* | nicer subscription styles | Andreas Gohr | 2010-01-20 |
| | | | | | | Ignore-this: e1b3b815b5ebb0da320bff997c4fed4b darcs-hash:20091130130311-6e07b-03ccfc52abb3dcc0764eed5784d81f8416841328.gz | ||
* | Add redirect after successful subscription | Adrian Lang | 2010-01-20 |
| | | | | darcs-hash:20091130093642-e4919-318eed562f0e7777d342dfbe4c8fc352eee58ddf.gz | ||
* | Fix subscription data validation bug (pass by ref) | Adrian Lang | 2010-01-20 |
| | | | | darcs-hash:20091127143223-e4919-023dd4bfab074c1206580649a2927958c28f38f5.gz | ||
* | Some language changes in subscription management | Andreas Gohr | 2010-01-20 |
| | | | | | | | | Ignore-this: 9d6c368419814c7b8cb94f778377ede7 A few language strings were dropped, others updated or added darcs-hash:20091123151813-6e07b-4d01fe03fa2c3bd5944bc05abdd05a24fb79c186.gz | ||
* | Add events to subscription. | Adrian Lang | 2010-01-20 |
| | |||
* | New mail subscription with digest | Adrian Lang | 2010-01-20 |
| | |||
* | some more coding standard compliance updates | Andreas Gohr | 2010-01-15 |
| | |||
* | Emit less E_NOTICEs and E_STRICTs | Adrian Lang | 2009-11-04 |
| | | | | | | | | | | | | | Changes of behaviour are: * Allow the user name, title & description \e2\80\9c0\e2\80\9d * Default to Port 443 if using HTTPS * Set $INFO['isadmin'] and $INFO['ismanager'] to \e2\80\9cfalse\e2\80\9d even if no user is logged in * Do not pass empty fragment field in the event data for event ACTION_SHOW_REDIRECT * Handle chunked encoding in HTTPClient darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz | ||
* | Send export_raw as attachement to avoid IE's content sniffing [security] | Andreas Gohr | 2009-09-29 |
| | | | | | | | | | | Ignore-this: 9b6ef0179df729d4bc41c2d746965134 With MSIE's content-sniffing [1], the export_raw mode could be used for XSS attacks against MSIE users. Sending the export as a download circumvents that. [1] http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting darcs-hash:20090929182832-7ad00-085deb3fa8cc939b55cd293a8f4780b4b170d2e6.gz |