summaryrefslogtreecommitdiff
path: root/lib/plugins/acl
Commit message (Collapse)AuthorAge
* check permissions in ACL plugin's RPC API component. #1056Andreas Gohr2015-02-24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Security Fix Severity: Medium Type: Remote Priviledge Escalation Remote: yes Vulnerability Details: This fixes a security hole in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules. Risk Assessment: The XMLRPC API in DokuWiki is marked experimental and off by default. It also implements an additional safeguard by giving access to a configured circle of users and groups only. So only a minor number of DokuWiki installations will be affected at all. For affected installations the risk is high if users with access to the API are not to be trusted. Thus the overall severity of medium. Resolution: Installations applying this commit are safe. A hotfix is about to be released. Meanwhile users are advised to disable the XMLRPC API in the config manager.
* Losslessly reduced PNG images with optipng -o7 -strip all, advdef -z4 -i60, ↵KeenRivals2015-01-14
| | | | and advpng -z4 -i60.
* translation updateMarian Banica2014-12-30
|
* translation updateJaroslav Lichtblau2014-12-13
|
* Merge remote-tracking branch 'origin/master' into scrutinizerissuesGerrit Uitslag2014-12-09
|\ | | | | | | | | | | | | | | | | Conflicts: inc/media.php inc/plugin.php inc/template.php lib/plugins/authplain/_test/escaping.test.php lib/plugins/syntax.php
| * translation updateYadav Gowda2014-10-15
| |
* | Many PHPDocs, some unused and dyn declared varsGerrit Uitslag2014-10-01
| | | | | | | | | | | | many PHPDocs some unused variables some dynamically declared variables declared
* | more scrutinizer issue improvementsGerrit Uitslag2014-09-29
|/
* translation updateSchplurtz le Déboulonné2014-09-17
|
* updated dates in info.txt of various plugins and templateAnika Henke2014-08-02
|
* translation updateYuthana Tantirungrotechai2014-07-12
|
* translation updateDavor Turkalj2014-07-10
|
* Merge remote-tracking branch 'origin/master' into trailingcolonsGerrit Uitslag2014-06-03
|\ | | | | | | | | | | Conflicts: inc/lang/lv/lang.php inc/lang/pt/lang.php
| * translation updateAivars Miška2014-05-30
| |
* | Move colon from code to language stringsGerrit Uitslag2014-05-16
|/
* translation updateMyeongjin2014-04-27
|
* translation updateMyeongjin2014-04-22
|
* Merge branch 'lang_update_119' of ↵Andreas Gohr2014-03-14
|\ | | | | | | | | | | | | | | | | | | git://github.com/dokuwiki-translate/dokuwiki into pull-request-605 * 'lang_update_119' of git://github.com/dokuwiki-translate/dokuwiki: translation update Conflicts: lib/plugins/acl/lang/et/lang.php
| * translation updateJanar Leas2014-03-12
| |
* | Merge branch 'lang_update_123' of ↵Andreas Gohr2014-03-14
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | git://github.com/dokuwiki-translate/dokuwiki into pull-request-611 * 'lang_update_123' of git://github.com/dokuwiki-translate/dokuwiki: translation update Conflicts: lib/plugins/acl/lang/et/lang.php
| * | translation updateJanar Leas2014-03-13
| |/
* / translation updateJanar Leas2014-03-13
|/
* translation updateAleksandr Selivanov2014-03-11
|
* translation updateJanar Leas2014-03-09
|
* Merge pull request #588 from splitbrain/purge_E_ALLAndreas Gohr2014-03-08
|\ | | | | Purge error log messages to support use of E_ALL
| * improvements in acl plugin to avoid missing var errorsChristopher Smith2014-03-05
| |
| * use empty() where array values might not be setChristopher Smith2014-03-05
| |
* | translation updateJanar Leas2014-03-06
|/
* removed empty language filesAndreas Gohr2014-01-24
| | | | | our translation interface used to submit empty files for a while but no longer does, so these can go
* translation updateIvan Peltekov2013-12-31
|
* translation updateDương Văn Hoàng2013-12-19
|
* translation updateMyeongjin2013-12-07
|
* translation updatezamroni2013-12-03
|
* translation updateGaram2013-11-25
|
* Merge pull request #443 from dokuwiki-translate/lang_update_508Andreas Gohr2013-11-25
|\ | | | | Translation update (no)
| * translation updateThomas Juberg2013-11-24
| |
* | Merge pull request #444 from dokuwiki-translate/lang_update_511Andreas Gohr2013-11-25
|\ \ | | | | | | Translation update (pl)
| * | translation updateTomasz Bosak2013-11-24
| |/
* / translation updateRami Lehti2013-11-24
|/
* remove 'infos' misspellingElan Ruusamäe2013-11-13
| | | | http://english.stackexchange.com/questions/117552/why-does-information-not-have-a-plural-form
* translation updateAhmad Abd-Elghany2013-10-28
|
* fixed strict violation in ACL pluginAndreas Gohr2013-10-28
|
* Merge pull request #395 from splitbrain/FS#2867Andreas Gohr2013-10-28
|\ | | | | FS#2867, ACL processing may fail with utf-8 characters which include byte 'A0'.
| * replace \s, \S with [ \t], [^ \t] in regexs used with aclsChristopher Smith2013-10-21
| |
* | translation updateRemon2013-10-25
| |
* | translation updateMustafa Aslan2013-10-22
|/
* translation updateRoy Zahor2013-10-21
|
* Merge pull request #378 from splitbrain/aclajaxAndreas Gohr2013-10-20
|\ | | | | acl plugin: move ajax.php to action.php
| * remove obsolete opera handling and session closingAndreas Gohr2013-10-20
| |
| * remove no longer used ajax.phpAndreas Gohr2013-10-20
| |
generated by cgit v1.2.3 (git 2.25.1) at 2025-05-11 02:36:28 +0000