| Commit message (Collapse) | Author | Age |
| |
|
|
|
|
|
|
|
| |
This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).
|
| |
|
|
|
|
|
|
|
| |
This disables lock and draft creation for pages the user can't edit. It
additionally adds a security token to the draft creation and deletion
request so - at least for logged in users - drafts can't be created,
modified or deleted so easily anymore.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.
|
| |
|
| |
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| | |
The action handler for the sitemap now makes use of the sitemapper
methods for determining the filename and uses http conditional requests.
|
| |
| |
| |
| | |
This makes it possible to autoload the sitemapper when needed.
|
|/ |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
50e988b accidentally stopped act_dispatch from calling act_edit for locked
pages, thus showing a generic »page not writable« message instead of a
page lock message.
|
|\
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Classes are loaded throug PHP5's class autoloader, all other
includes are just loaded by default. This skips a lot of
require_once calls.
Parser and Plugin stuff isn't handled by the class loader yet.
|
| |
| |
| |
| |
| | |
The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.
|
| |
| |
| |
| |
| | |
Edit conflicts occur when a page has been edited since starting the current edit.
In order to detect them, the date of the newest revision is saved.
|
| | |
|
| | |
|
|/ |
|
|
|
|
|
|
| |
Ignore-this: e1b3b815b5ebb0da320bff997c4fed4b
darcs-hash:20091130130311-6e07b-03ccfc52abb3dcc0764eed5784d81f8416841328.gz
|
|
|
|
| |
darcs-hash:20091130093642-e4919-318eed562f0e7777d342dfbe4c8fc352eee58ddf.gz
|
|
|
|
| |
darcs-hash:20091127143223-e4919-023dd4bfab074c1206580649a2927958c28f38f5.gz
|
|
|
|
|
|
|
|
| |
Ignore-this: 9d6c368419814c7b8cb94f778377ede7
A few language strings were dropped, others updated or added
darcs-hash:20091123151813-6e07b-4d01fe03fa2c3bd5944bc05abdd05a24fb79c186.gz
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes of behaviour are:
* Allow the user name, title & description \e2\80\9c0\e2\80\9d
* Default to Port 443 if using HTTPS
* Set $INFO['isadmin'] and $INFO['ismanager'] to \e2\80\9cfalse\e2\80\9d even if no user is
logged in
* Do not pass empty fragment field in the event data for event
ACTION_SHOW_REDIRECT
* Handle chunked encoding in HTTPClient
darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz
|
|
|
|
|
|
|
|
|
|
| |
Ignore-this: 9b6ef0179df729d4bc41c2d746965134
With MSIE's content-sniffing [1], the export_raw mode could be used for XSS
attacks against MSIE users. Sending the export as a download circumvents that.
[1] http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
darcs-hash:20090929182832-7ad00-085deb3fa8cc939b55cd293a8f4780b4b170d2e6.gz
|
|
|
|
|
|
|
|
|
| |
Ignore-this: e3c9b5f941b2f1aa83ca375861203a2f
This patch adds another button for users with the $conf['manager'] role when
viewing an old revision. It allows them to revert to this revision with a
single click.
darcs-hash:20090911081833-7ad00-5a64feb7e3e1b37178295c290a6c97c3923e82e3.gz
|
|
|
|
|
|
| |
Ignore-this: 23dc9e7eda7fd430071d6de62c218842
darcs-hash:20090214114700-7ad00-67030b0174425844e54866612d5cd25a3af5bcf6.gz
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore-this: 37b33f575e4c0b31e4af93185bf74f0f
When IIS is running PHP in CGI mode it will not send cookie headers on 302
redirections. This is a known bug (KB176113).
This patch will detect affected servers. Instead of a 302 redirect a Refresh:
header is issued. This is supported by all known browsers should have the same
effect as a real redirect.
darcs-hash:20090127204506-7ad00-ce474f3b0db003e86e09d5e9a9bd7c96887ac01c.gz
|
|
|
|
| |
darcs-hash:20081226161244-7ad00-8c843ea6a06a0d36fc322d109497239ab6ea229c.gz
|
|
|
|
| |
darcs-hash:20081213090400-7ad00-4e21cd75978bb07513f32f5d750658e8d777c59e.gz
|
|
|
|
|
|
|
|
| |
This patch enhances the creation of section IDs for number only headlines. It
also moves section ID creation to a function in pageutils.php removing some
duplicate functionality in inc/action.php
darcs-hash:20081201215539-7ad00-48f3c153a2c126d9fb06aa90e4f1b857f76ebec7.gz
|
|
|
|
| |
darcs-hash:20081121203311-f7d6d-5cf707afd1c1c4a0d0efc664855cda65233163a2.gz
|
|
|
|
| |
darcs-hash:20081117154409-23886-d0ad833c6bcf96bcc54f6998397de90ff07b7686.gz
|