| Commit message (Collapse) | Author | Age |
| |
|
|\
| |
| |
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php
|
| |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* XML-RPC now correctly allows leading and trailing _
* Error messages from XML-RPC are correct
* MEDIA_UPLOAD_FINISH has a sixth param specifying the move function
* Not having upload rights when using media_upload throws a msg
|
| |
| |
| |
| |
| |
| |
| |
| | |
Functionality changes:
* deleteAttachment now triggers MEDIA_DELETE_FILE (closes FS#1568)
* deletion success msg in mediamanager is correct, even when the ns dir
was deleted
* media_delete changed quite a bit
|
|\|
| |
| |
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which means that many acl rules that should be applied weren't applied.
So e.g. when you have read permissions for the root namespace but not
for a subnamespace you could add a leading ":" and the permissions for
the root namespace will be used instead of the permissions for the
subnamespace. This did not apply to writing pages and reading media
files, but writing and deleting media files have been concerned as well
as reading both plain and html versions of pages.
This only concerns installations where XML-RPC is enabled (default is
disabled) and XML-RPC is allowed for all or untrusted users.
|
| |
| |
| |
| |
| |
| | |
As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.
|
| | |
|
| | |
|
|/ |
|
| |
|
| |
|
| |
|
|
|
|
| |
$data
|
|
|
|
|
|
|
|
|
|
|
|
| |
Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.
|
|\
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
|
| | |
|
| |
| |
| |
| |
| | |
The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.
|
|/ |
|
|
|
|
|
|
|
|
| |
Ignore-this: f43d3f070cfae4040e0e70648d0e541a
The XMLRPC backend will not trim whitespaces or newlines from string values
anymore.
darcs-hash:20091219151652-7ad00-94d6cb26ff6396e09f107cf09dccb5423680c5c9.gz
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore-this: 517a7546aab86c5370cccf1aa2171490
Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.
XMLRPC is disabled by default.
darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
|
|
|
|
|
|
|
|
|
| |
Ignore-this: 1370cee84d44bb35ae7c0c988ed8f1ff
This patch adds a config option to define users or groups that may access
the XMLRPC API. ACLs are still checked on top of this intial access control.
darcs-hash:20090516114351-7ad00-155fb6c74c29f5f84e79544a534369eec0403ff0.gz
|
|
|
|
|
|
| |
Ignore-this: c7d706a81320fb2bf80a399e5fcc259a
darcs-hash:20090308112249-7ad00-488e7b5cc87ad3727a161b9625892709d4f25fc0.gz
|
|
|
|
|
|
|
|
|
|
|
|
| |
A simple version number was added to the XMLRPC API to make it
easy for clients to check if the remote endpoint supports certain
features.
The login function will take credentials and set cookies on
successful login. This is useful when HTTP Basic auth is not
available.
darcs-hash:20090303193608-7ad00-45b1cd7a5165656796df25ed5c4ebc6e8ef7f95a.gz
|
|
|
|
|
|
| |
Ignore-this: 6477d59a1da2f51295326537fa8e14bf
darcs-hash:20090227220304-074e0-24e77eb6641c0b43c30a941146487facf2f2277f.gz
|
|
|
|
|
|
|
| |
Some parameters of media_search where changed, parts using this function
need to be identified and fixed.
darcs-hash:20090223172746-7ad00-d07951739fba17d0c8925b28b947f7cbb7fc7e1a.gz
|
|
|
|
|
|
| |
Ignore-this: d7bb2a80532df444e1ee8e60e3a7b653
darcs-hash:20090220184624-7ad00-2ed594f166e29bcc69d7ecbfe017251764981dd8.gz
|
|
|
|
| |
darcs-hash:20090219214505-7ad00-c547bfbf1f7c12cf7509e0ea66222980c6fa11bc.gz
|
|
|
|
|
|
|
|
| |
There is a new media changelog now, with the flag RECENTS_MEDIA_CHANGES media changes can be requested from the getRecents()-function or the new getRecentsSince()-function, that returns all changes since a given timestamp and optionally before a given timestamp. The media upload and the XML-RPC-server have been changed to use these functions.
Additionally, the event MEDIA_UPLOAD_FINISH has been extended, it has a new $data-attribute (the 5th), that contains a boolean if the file does already exist and will be overwritten.
darcs-hash:20090118154345-074e0-5d9a90d269e86d8c6a156ecce5cf63115c827433.gz
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With this patch it is possible to define if a file should be served as download
or be displayed inside the browser (if supported) by configuring it in
conf/mime.conf
Mimetypes that should be served with a "Content-Disposition: attachment" header
need to be prefixed with a exclamation mark. All others will be served inline.
This will also fix a Problem with Flash 10.
darcs-hash:20081202210322-7ad00-6e7ef30aff9322cd135311be77809187da121f3b.gz
|
|
|
|
| |
darcs-hash:20080824100938-fdd0b-c44a74e698eab59347b315881728c6a063e8b740.gz
|
|
|
|
|
|
| |
putAttachment to fit Wiki RPC specs
darcs-hash:20080824100043-2b4f5-4ad6d86abcf6bc816a47bfd902e37684483ff43e.gz
|
|
|
|
| |
darcs-hash:20080824092446-2b4f5-8424c621fcca7f765feaccea88c1e6664ce94209.gz
|
|
|
|
|
|
|
|
|
| |
By using this event, action plugins can register their own callback methods
in DokuWikis XML-RPC server, and extend it's functionality. The event data
is the server instance. Plugins can also remove already registered
callbacks or replace them with their own methods.
darcs-hash:20080824080457-23886-b49b897592ce6717f0980f6044bae2d51fd73336.gz
|
|
|
|
| |
darcs-hash:20080824090633-23886-57dd768012053858ec86eab235698b7f297661ea.gz
|
|
|
|
| |
darcs-hash:20080823173152-2b4f5-8aaed82a8122f0901878326fc17a889c22bc1b79.gz
|
|
|
|
| |
darcs-hash:20080823173120-2b4f5-8efab03fd182909ea192f739a228ffad64938eda.gz
|
|
|
|
| |
darcs-hash:20080823140755-2b4f5-f7d4ce991c38cc6a42e0013e738e291a3d134a43.gz
|
|
|
|
| |
darcs-hash:20080823140622-2b4f5-cb7dbe63f0142fedf39fdb5cfd1abedb10a6fa56.gz
|
|
|
|
| |
darcs-hash:20080823140514-2b4f5-32b2010ecf506250e10ed68704e0c31d99920585.gz
|
|
|
|
| |
darcs-hash:20080823100440-2b4f5-a134b64fe552e5151ac7adce0292e90b62d8c747.gz
|
|
|
|
| |
darcs-hash:20080823100400-2b4f5-6327f95d079589a33d0e7881df3436fde1db89e1.gz
|
|
|
|
| |
darcs-hash:20080813200614-23886-ad320ca14e120d8206ee5ffdfb4ac087e0aa6929.gz
|
|
|
|
| |
darcs-hash:20080713165645-23886-2caca899a42016be8df0797b21d1adef70544cc4.gz
|
|
|
|
| |
darcs-hash:20080713165210-23886-d28593ac62f3471a4dc4a5410263edb0e48986bc.gz
|
|
|
|
| |
darcs-hash:20080713123837-23886-d2cabfd6bb00928f21a64ca317719831efaec3ae.gz
|
|
|
|
| |
darcs-hash:20080417094010-f07c6-383f554d1e06f7fa9946994c5b5b7860b2d5d5db.gz
|
|
|
|
| |
darcs-hash:20080331095402-23886-20331db4e1975c3fbc9c4c59e8688f62d7367390.gz
|
|
|
|
| |
darcs-hash:20080310233733-23886-79cb51e12374a51ac2595298bf331e1525962a2f.gz
|
|
|
|
|
|
|
| |
This function can be used to retrieve a list of revisions
for a given wiki page.
darcs-hash:20080305195532-23886-dee2ffff8dcdc21532fb62674edce8a74d6c5525.gz
|