| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| | |
|
| |
|
|
|
|
| |
many PHPDocs
some unused variables
some dynamically declared variables declared
|
| |
|
|
|
|
|
| |
It seems, some servers require a special Status: header for sending the
HTTP status code from PHP (F)CGI to the server. This patch introduces a
new function (adopted from CodeIgniter) for simplifying the status
handling.
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| | |
Conflicts:
lib/exe/xmlrpc.php
|
| | | |
|
| | |
| |
| |
| |
| | |
The score was randomly transfered as string or as integer.
This way it will always be transfered as an integer.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Added the new error codes and categories:
--- 212 Not allowed to delete media
== 230 Media edit error
--- 231 Filename not given
--- 232 File is still referenced
--- 233 Could not delete file
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Since there are currently a lot of error coded returning 1, that mean
completly different thing, i guess it would be very nice to change this.
A client should not be forced to parse the error message, the error code
should be enough to explain the error.
This change suggests some error codes, that have a hierarchical
structure. In the following list the categories begin with = and the
error codes actually used with -.
= 100 Page errors
== 110 Page access errors
--- 111 User is not allowed to read the requested page
--- 112 User is not allowed to edit the page
== 120 Page existance errors
--- 121 The requested page does not exist
== 130 Page edit errors
--- 131 Empty page id
--- 132 Empty page content
--- 133 Page is locked
--- 134 Positive wordblock check
= 200 Media errors
== 210 Media access errors
--- 211 User is not allowed to read media
--- 215 User is not allowed to list media
== 220 Media existance errors
--- 221 The requested media does not exist
= 300 Search errors
== 310 Argument errors
--- 311 The provided value is not a valid timestamp
== 320 Search result errors
--- 321 No chances in specified timeframe
|
| | |
| |
| | |
Without creating an IXR_Base64 object, the file will be encoded as base64, but send as string. The client XML-RPC parser cannot detect that it is meant to be a base64 encoded file.
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| |
|
|
|
|
|
|
| |
The login wasn't able to modify the session as it was already closed
earlier.
This patch also executes the correct event when logins via XMLRPC are
done.
|
| |
|
|
| |
If the user is already logged in, a 403 is sent instead now.
|
| |
|
|
|
|
|
| |
This is far from perfect but should solve most issues in the recommended
configuration where only authorized users have access. Sending proper
status codes should be implemented when the API implementation
refactoring is done.
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Changes:
* XML-RPC now correctly allows leading and trailing _
* Error messages from XML-RPC are correct
* MEDIA_UPLOAD_FINISH has a sixth param specifying the move function
* Not having upload rights when using media_upload throws a msg
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Functionality changes:
* deleteAttachment now triggers MEDIA_DELETE_FILE (closes FS#1568)
* deletion success msg in mediamanager is correct, even when the ns dir
was deleted
* media_delete changed quite a bit
|
| |\|
| |
| |
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
inc/indexer.php
lib/exe/indexer.php
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which means that many acl rules that should be applied weren't applied.
So e.g. when you have read permissions for the root namespace but not
for a subnamespace you could add a leading ":" and the permissions for
the root namespace will be used instead of the permissions for the
subnamespace. This did not apply to writing pages and reading media
files, but writing and deleting media files have been concerned as well
as reading both plain and html versions of pages.
This only concerns installations where XML-RPC is enabled (default is
disabled) and XML-RPC is allowed for all or untrusted users.
|
| | |
| |
| |
| |
| |
| | |
As of VIM 7.3 it is no longer possible to specify the encoding in the
modeline. This gives an error message whenever such a file is opened,
thus this commit removes the enc setting from the modeline.
|
| | | |
|
| | | |
|
| |/ |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
$data
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.
|
| |\
| |
| |
| |
| | |
Conflicts:
inc/fulltext.php
|
| | | |
|
| | |
| |
| |
| |
| | |
The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.
|
| |/ |
|
| |
|
|
|
|
|
|
| |
Ignore-this: f43d3f070cfae4040e0e70648d0e541a
The XMLRPC backend will not trim whitespaces or newlines from string values
anymore.
darcs-hash:20091219151652-7ad00-94d6cb26ff6396e09f107cf09dccb5423680c5c9.gz
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Ignore-this: 517a7546aab86c5370cccf1aa2171490
Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.
XMLRPC is disabled by default.
darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
|
| |
|
|
|
|
|
|
|
| |
Ignore-this: 1370cee84d44bb35ae7c0c988ed8f1ff
This patch adds a config option to define users or groups that may access
the XMLRPC API. ACLs are still checked on top of this intial access control.
darcs-hash:20090516114351-7ad00-155fb6c74c29f5f84e79544a534369eec0403ff0.gz
|
| |
|
|
|
|
| |
Ignore-this: c7d706a81320fb2bf80a399e5fcc259a
darcs-hash:20090308112249-7ad00-488e7b5cc87ad3727a161b9625892709d4f25fc0.gz
|
| |
|
|
|
|
|
|
|
|
|
|
| |
A simple version number was added to the XMLRPC API to make it
easy for clients to check if the remote endpoint supports certain
features.
The login function will take credentials and set cookies on
successful login. This is useful when HTTP Basic auth is not
available.
darcs-hash:20090303193608-7ad00-45b1cd7a5165656796df25ed5c4ebc6e8ef7f95a.gz
|
| |
|
|
|
|
| |
Ignore-this: 6477d59a1da2f51295326537fa8e14bf
darcs-hash:20090227220304-074e0-24e77eb6641c0b43c30a941146487facf2f2277f.gz
|
| |
|
|
|
|
|
| |
Some parameters of media_search where changed, parts using this function
need to be identified and fixed.
darcs-hash:20090223172746-7ad00-d07951739fba17d0c8925b28b947f7cbb7fc7e1a.gz
|
| |
|
|
|
|
| |
Ignore-this: d7bb2a80532df444e1ee8e60e3a7b653
darcs-hash:20090220184624-7ad00-2ed594f166e29bcc69d7ecbfe017251764981dd8.gz
|
