summaryrefslogtreecommitdiff
path: root/inc/actions.php
Commit message (Collapse)AuthorAge
* replaced use of basename() with utf8_basename() FS#2015Andreas Gohr2012-07-28
|
* changed all doctypes to html5 doctypeAnika Henke2012-07-14
|
* Fix act_validate()Martin Doucha2012-07-06
|
* Split act_clean() into two functions so that plugins may use actionMartin Doucha2012-07-06
| | | | string sanitization even for their own new actions
* Input wrapper for action.phpTom N Harris2012-06-27
|
* Fix for FS#2522 / Now all places of $lang['restored'] are covered with the ↵lupo492012-06-10
| | | | restored-date information
* don't rely on metadata for conflict detectionAndreas Gohr2012-05-22
| | | | | This also fixes a problem wiht PHP 5.4 when there is metadata but the date key is empty.
* Restore page versions - add timestamp of the restored version to to the ↵lupo492012-05-08
| | | | | | summary field. This allows easier identifying of which version has been restored. (FS#2522)
* Remove references to (un)?subscribens.Adrian Lang2011-10-30
|
* bind security token to usernameAndreas Gohr2011-10-15
| | | | | | | This makes the security token more robust agains session fixation attacks. A CSRF warning will no longer abort a page save but lead to the preview mode to avoid information loss when a user logs in during editing (eg in another tab).
* fullscreen media managerKate Arzamastseva2011-06-09
|
* Check permissions + security token in lock + draft modification FS#2265Michael Hamann2011-05-24
| | | | | | | This disables lock and draft creation for pages the user can't edit. It additionally adds a security token to the draft creation and deletion request so - at least for logged in users - drafts can't be created, modified or deleted so easily anymore.
* execute edit action when draft was specified but no draft exists FS#2240Andreas Gohr2011-05-02
|
* check manager/admin role earlier for admin plugins FS#2180Andreas Gohr2011-03-04
|
* deleted redundant lineAnika Henke2011-02-22
|
* Change sitemap filename to sitemap.xml(.gz). Closes FS#2127Guillaume Turri2011-01-03
|
* Delete superfluous assignment created by the last commitMichael Hamann2010-12-13
|
* Copy changes from ajax_lock to act_draftsaveMichael Hamann2010-12-12
|
* Remove enc=utf-8 in VIM modeline as it is not allowed in VIM 7.3Michael Hamann2010-11-29
| | | | | | As of VIM 7.3 it is no longer possible to specify the encoding in the modeline. This gives an error message whenever such a file is opened, thus this commit removes the enc setting from the modeline.
* Send 403 header for permission denied screens when send404 is enabledRobin Getz2010-11-20
|
* Handle do=check before ACL checkingRobin Getz2010-11-20
|
* Merge remote branch 'origin/master' into sitemapMichael Hamann2010-10-10
|\
| * Add back globals for templatesAdrian Lang2010-09-29
| |
| * Small fixes / cleanupAdrian Lang2010-09-28
| |
* | Action handler for sitemaps improvedMichael Hamann2010-09-22
| | | | | | | | | | The action handler for the sitemap now makes use of the sitemapper methods for determining the filename and uses http conditional requests.
* | Transformed the sitemapper into a classMichael Hamann2010-09-22
| | | | | | | | This makes it possible to autoload the sitemapper when needed.
* | Sitemap rewriteMichael Hamann2010-09-22
|/
* make use of tpl_get_action in tpl_actiondropdown FS#2005Andreas Gohr2010-08-27
|
* do not require special permissions to look at index FS#1720Andreas Gohr2010-06-27
|
* check for user in act_subscription FS#1935Andreas Gohr2010-06-26
|
* msgs are saved in send_redirect now, less code duplication neededAndreas Gohr2010-06-13
|
* Let actionOK detect auth backend capabilitiesAdrian Lang2010-05-17
|
* Call act_edit for locked pagesAdrian Lang2010-03-29
| | | | | | 50e988b accidentally stopped act_dispatch from calling act_edit for locked pages, thus showing a generic »page not writable« message instead of a page lock message.
* Merge branch 'requireall'Andreas Gohr2010-03-12
|\ | | | | | | | | Conflicts: inc/fulltext.php
| * removed more unneeded require_once() callsAndreas Gohr2010-02-01
| |
| * first attempt to centralize all include loadingAndreas Gohr2010-01-31
| | | | | | | | | | | | | | | | Classes are loaded throug PHP5's class autoloader, all other includes are just loaded by default. This skips a lot of require_once calls. Parser and Plugin stuff isn't handled by the class loader yet.
* | Move & rename HTML_PAGE_FROMTEMPLATE to common.phpAdrian Lang2010-03-10
| | | | | | | | | | The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template has been read but before performing the template replacements.
* | Correct edit conflict detectionAdrian Lang2010-03-10
| | | | | | | | | | Edit conflicts occur when a page has been edited since starting the current edit. In order to detect them, the date of the newest revision is saved.
* | Remove wordblock action, issue a msg insteadAdrian Lang2010-03-09
| |
* | Move data preprocessing out of html_editAdrian Lang2010-03-09
| |
* | Add security token to subscription manage pageAdrian Lang2010-02-09
|/
* nicer subscription stylesAndreas Gohr2010-01-20
| | | | | | Ignore-this: e1b3b815b5ebb0da320bff997c4fed4b darcs-hash:20091130130311-6e07b-03ccfc52abb3dcc0764eed5784d81f8416841328.gz
* Add redirect after successful subscriptionAdrian Lang2010-01-20
| | | | darcs-hash:20091130093642-e4919-318eed562f0e7777d342dfbe4c8fc352eee58ddf.gz
* Fix subscription data validation bug (pass by ref)Adrian Lang2010-01-20
| | | | darcs-hash:20091127143223-e4919-023dd4bfab074c1206580649a2927958c28f38f5.gz
* Some language changes in subscription managementAndreas Gohr2010-01-20
| | | | | | | | Ignore-this: 9d6c368419814c7b8cb94f778377ede7 A few language strings were dropped, others updated or added darcs-hash:20091123151813-6e07b-4d01fe03fa2c3bd5944bc05abdd05a24fb79c186.gz
* Add events to subscription.Adrian Lang2010-01-20
|
* New mail subscription with digestAdrian Lang2010-01-20
|
* some more coding standard compliance updatesAndreas Gohr2010-01-15
|
* Emit less E_NOTICEs and E_STRICTsAdrian Lang2009-11-04
| | | | | | | | | | | | | Changes of behaviour are: * Allow the user name, title & description \e2\80\9c0\e2\80\9d * Default to Port 443 if using HTTPS * Set $INFO['isadmin'] and $INFO['ismanager'] to \e2\80\9cfalse\e2\80\9d even if no user is logged in * Do not pass empty fragment field in the event data for event ACTION_SHOW_REDIRECT * Handle chunked encoding in HTTPClient darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz
* Send export_raw as attachement to avoid IE's content sniffing [security]Andreas Gohr2009-09-29
| | | | | | | | | | Ignore-this: 9b6ef0179df729d4bc41c2d746965134 With MSIE's content-sniffing [1], the export_raw mode could be used for XSS attacks against MSIE users. Sending the export as a download circumvents that. [1] http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting darcs-hash:20090929182832-7ad00-085deb3fa8cc939b55cd293a8f4780b4b170d2e6.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-22 12:40:34 +0000