path: root/inc/auth.php
Commit message / Author / Age

* do not use Accept-Encoding in browser UID (Andreas Gohr, 2014-10-06)
  Since Chrome 37, they send different accept encodings for POST and GET requests which will break BrowserUID checks as reported in cosmocode/dokuwiki-plugin-oauth/issues/3. See https://code.google.com/p/chromium/issues/detail?id=410559 for official bug report at Google.

* Merge pull request #868 from splitbrain/authclean (Andreas Gohr, 2014-09-27)
  clean user credentials from control chars

  * do not allow empty passwords (Andreas Gohr, 2014-09-26)
    When a username but no password is submitted, the login is denied right away instead of relying on the backend to refuse the login.

  * clean user credentials from control chars (Andreas Gohr, 2014-09-23)
    This is to prevent zero byte attacks on external auth systems as described in http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication

* Merge remote-tracking branch 'origin/auth_getUserData_improvements' (Andreas Gohr, 2014-09-26)
  * origin/auth_getUserData_improvements:
    KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolean values
    use $requireGroups constants in auth classes; comments; code improvements
    fix comment errors, sp. & grammar
    code styling - add missing braces
    Allow user info to be retrieved without groups
    Restore correct public interface of getUserData() for authldap plugin
  Conflicts:
    inc/common.php

  * KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolean values (Christopher Smith, 2014-05-04)

  * Allow user info to be retrieved without groups (Christopher Smith, 2014-03-12)
    Some parts of dokuwiki (e.g. recent changes, old revisions) can request lots of user info (to provide editor names) without requiring any group information. This change also implements caching of user info by authmysql & authpgsql plugins to avoid repeated querying of the DB to retrieve the same user information.

* Added @ALL handling in auth_isMember (Jurgen Hart, 2014-07-30)

* fix AUTH_USER_CHANGE event in profile updates (Andreas Gohr, 2014-07-26)
  the triggered event did not allow event handlers to change the passed data

* amend $_SERVER to $INPUT->server (Christopher Smith, 2014-03-06)

* use isset() + ?: or error suppression where value may not be set (Christopher Smith, 2014-03-05)

* removed pre PHP 5.2 code wrt setcookie and session setting (Gerrit Uitslag, 2014-03-04)
  - moved cookiedir determination in the if-statement

* PHPDocs auth.php (Gerrit Uitslag, 2014-02-20)

* AUTH_ACL_CHECK event around ACL checking (Andreas Gohr, 2014-01-05)
  allows to modify ACL results in the AFTER event or to implement a completely different ACL mechanism in the BEFORE event.

* replace \s, \S with [ \t], [^ \t] in regexs used with acls (Christopher Smith, 2013-10-21)

* replace boolean conditional checks on possibly uninitialized vars with \!empty/empty/isset as appropriate (Christopher Smith, 2013-10-16)

* update for deprecated '/e' flag in preg_replace (php 5.5) (Christopher Smith, 2013-10-16)

* Fix CodeSniffer whitespace violations (Matt Perry, 2013-09-10)
  Removed extraneous whitespace to eliminate errors reported by the Squiz.WhiteSpace.SuperfluousWhitespace sniff.

* Fix CodeSniffer violations (Matt Perry, 2013-08-22)
  Change indentation to ensure code conforms to CodeSniffer rules.

* Fix CodeSniffer violations (Matt Perry, 2013-08-20)
  Remove whitespace from end of lines to reduce the number of CodeSniffer violations.

* Fix a couple of bugs in ACL substitution mechanism (Christopher Smith, 2013-08-03)
  - %GROUP% & %USER% can now both be used in the same rule, e.g. %GROUP%:%USER%
  2 - rules with tokens will be skipped when the user is not logged in, previously %USER% was attempted

* Merge branch 'FS#2751' of git://github.com/splitbrain/dokuwiki into pull-request-245 (Andreas Gohr, 2013-08-02)
  * 'FS#2751' of git://github.com/splitbrain/dokuwiki:
    coding corrections. correct type hint, remove unused variable assignment
    de/de-informal: localization updates (delete user function)
    unit tests for self deleting of user accounts
    FS#2751 - self deletion of user account

  * coding corrections. correct type hint, remove unused variable assignment (Christopher Smith, 2013-08-02)

  * FS#2751 - self deletion of user account (Christopher Smith, 2013-07-31)

* Merge pull request #246 from splitbrain/profileform_improvements (Andreas Gohr, 2013-07-31)
  HTML5isation of some forms

  * Change error message shown for incorrect current password on update profile form. (Christopher Smith, 2013-07-31)
    The current message confusingly mentions bad 'username' when username is not involved. The new message is the same as that introduced for an incorrect current password on the self delete profile form (FS#2751)

* auth_en/decrypt: Add explanation and more efficient decryption (Michael Hamann, 2013-07-31)
  Added an explanation that what we do is like normal CBC but that we additionally encrypt the IV which is actually suggested by the NIST for non-random (but unique) IVs. In the decryption process it's not necessary to decrypt the IV, this should save some time.

* auth_random: remove exception comment as there is no exception (Michael Hamann, 2013-07-31)

* Add AES from phpseclib and use it for cookie encryption (Michael Hamann, 2013-07-30)
  This replaces the deprecated and broken Blowfish implementation that has previously been used and should provide a lot more security.

* Use a new, truly random secret for cookie encryption (Michael Hamann, 2013-07-30)

* Add truly random numbers and use them in places where randomness matters (Michael Hamann, 2013-07-30)

* Fix and add type declarations for the auth system (Michael Hamann, 2013-07-30)

* removed tabs (Andreas Gohr, 2013-06-16)

* Increased strength of auto generated passwords a bit (Andreas Gohr, 2013-06-14)
  If you want better random initialization and more control over the password strength install the passpolicy plugin.

* fixed syntax fuckup (Andreas Gohr, 2013-06-09)

* AUTH_PASSWORD_GENERATE event added (Andreas Gohr, 2013-06-09)
  This is needed to replace the password generator by a plugin implementation. Related to PR #166 and FS#2147

* make password reset token completely random (Andreas Gohr, 2013-05-31)
  No need for HMAC here because there's no length attack vector here. We only care for the existence of the file and each reset request is completely (random) independent from each other.

* use HMAC in password reset token FS#2794 (Andreas Gohr, 2013-05-31)

* fixed wrong use of quotes in authtype warning message (Anika Henke, 2013-05-27)

* Fix wrong config key in deprecated auth message (Klap-in, 2013-05-15)

* restrict 'authtype deprecated' alert to superusers only (Christopher Smith, 2013-04-01)

* backward compatibility for old authtype settings (Guy Brand, 2013-03-17)

* Fix remaining missing $INPUT uses FS#2577 (Michael Hamann, 2013-02-20)
  This adds $INPUT in all places where it was still missing and available. $INPUT is now also used in places where using $_REQUEST/... was okay in order to make the code consistent.

* Fix handling of failed authentication loading (Michael Hamann, 2013-02-20)
  In the case of a failed authentication initialization, the authentication setup was simply continued with an unset $auth object. This restores the previous behavior (before merging #141) of simply returning after unsetting $auth. Furthermore this re-introduces the check if $auth is set before checking $auth and removes a useless check if $auth is true (could never be false).

* fixed auth_browseruid on IE9 (Dominik Eckelmann, 2013-02-20)
  IE9 sends a different HTTP_ACCEPT_LANGUAGE header on ajax requests. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation.

* introduced http_status() for sending HTTP status code FS#1698 (Andreas Gohr, 2013-02-16)
  It seems some servers require a special Status: header for sending the HTTP status code from PHP (F)CGI to the server. This patch introduces a new function (adopted from CodeIgniter) for simplifying the status handling.

* Merge branch 'master' into future (Andreas Gohr, 2013-02-03)
  * master: (162 commits)
    fixed revision JS for images
    upgraded SimplePie to 1.3.1 FS#2708
    removed obsolete browser plugin (migrate does it)
    adjust spacing to match standard 1.4em grid
    added comment on use of whitelist vs blacklist
    Updated idfilter() function for IIS
    use var and remove suggestions when needed
    Use variable for maximum number of suggestions for quicksearch. And hide suggestions when search field is emptied, or when no suggestions are found.
    added 'home' class to first link in hierarchical breadcrumbs
    reduced required max width to go into tablet mode
    re-added linear gradients for firefox
    added missing styling for disabled form elements (FS#2705)
    fixed acronyms in italics (FS#2684)
    improved print styles (includes fixes for FS#2645 and FS#2707)
    basic styles improvements
    Greek language update
    Use list in acl help text, for more structure
    Galician language update
    touch the config on save, even if no changes were made
    unwind the width narrowing commit
    put some whitespace between form submit button and fieldset bottom border
    ...
  Conflicts:
    lib/plugins/config/admin.php
    lib/plugins/config/settings/config.class.php

  * Merge branch 'subscription' Pull Request #125 (Andreas Gohr, 2013-01-26)
    * subscription: (25 commits)
      link directly to subscription management in mails
      only use mailfromnobody for bulk mails
      added missing context for list mails
      readded mailfromnobody to subscription sending
      correctly escape diffs in HTML mails
      fixed lists in HTML mails
      simplified subscription->add() code a bit
      comment adjusted
      removed unused vars
      removed data parameter in subscription_handle_post()
      fixed tests
      some reformatting
      added compatibility function
      moved registration notification to subscription class
      fixed merge error in inc/auth.php
      consolidate more notification code in subscription class
      minor cleanup
      initialize new subscriptions with current time
      fixed subscription management
      correctly check if subscriptions are enabled
      ...

    * moved registration notification to subscription class (Andreas Gohr, 2012-11-30)

    * fixed merge error in inc/auth.php (Andreas Gohr, 2012-11-30)
      merged the wrong change here