| Commit message (Collapse) | Author | Age |
|---|
| | |
|
| |
|
|
|
|
|
| |
The plugin manager echos raw URLs in error messages, this could allow to
construct an XSS attack. However the affected form is CSRF protected,
so an attacker would require another XSS vulnerability to get the needed token,
rendering this attack unneeded. So this should not be exploitable.
|
| |
|
|
|
|
|
| |
This reverts commit f2cb3ec76dec3fe2b40f25765ef842223c7132fe.
Turns out I was too fast merging this. I can't get PHP's bzip handler to
handle a bzip1 compressed file.
|
| |
|
|
|
| |
in fact .tbz is tar.bz (bzip1) and .tbz2 is what tar.bz2 is used
commonly.
|
| |
|
|
|
|
| |
- removed some dead/unused code
- fixed phpdoc
- added typing on methods
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
The constants are required by the class constructor, which effectively
means before the autoloader is triggered. This change fixes that issue.
|
| |
|
|
|
| |
This patch moved the place where DOKU_PLUGIN is defined. It no longer
can be set from a normal config (only via preload)
|
| |
|
|
|
|
| |
Ignore-this: 252bb5a42965ed045221c0544136aa62
darcs-hash:20091111203437-7ad00-86f06d842b3bec22641a637cb09dbc666a42ca2d.gz
|
| |
|
|
|
|
|
|
|
|
| |
Ignore-this: 584fbb1e0d2cfece4648d282cb5f330a
The plugin manager now doesn't rely on the file extension when deciding how
to extract a plugin archive but instead looks at the magic bytes of the
downloaded file.
darcs-hash:20090725160844-7ad00-c64d76c4f5f708feba092417c8a7834951c479f9.gz
|
|
|
Ignore-this: 4007248aa01f09990612c844c8a83900
This patch moves the different classes of the plugin manager into their own
files and moves formerly global utility functions into the appropriate
class scopes.
darcs-hash:20090725152105-7ad00-89801e811b7eb0d0db25a825d6065aed8ef95c33.gz
|
