From 29778747fefc70b9f318ba91b47e9207aebc1a95 Mon Sep 17 00:00:00 2001
From: Kate Arzamastseva <pshns@ukr.net>
Date: Sat, 4 Jun 2011 19:19:27 +0300
Subject: media revisions in recent changes

---
 inc/common.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 7522095ab..e0405a735 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -15,6 +15,7 @@ define('RECENTS_SKIP_DELETED',2);
 define('RECENTS_SKIP_MINORS',4);
 define('RECENTS_SKIP_SUBSPACES',8);
 define('RECENTS_MEDIA_CHANGES',16);
+define('RECENTS_INCLUDE_MEDIA',32);
 
 /**
  * Wrapper around htmlspecialchars()
-- 
cgit v1.2.3


From 61f1aad8f877bdf33a160812d88b60c56aed1040 Mon Sep 17 00:00:00 2001
From: Kate Arzamastseva <pshns@ukr.net>
Date: Sun, 5 Jun 2011 21:00:51 +0300
Subject: media version saving fixes

---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index e0405a735..acd3609d6 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -14,7 +14,7 @@ if(!defined('DOKU_INC')) die('meh.');
 define('RECENTS_SKIP_DELETED',2);
 define('RECENTS_SKIP_MINORS',4);
 define('RECENTS_SKIP_SUBSPACES',8);
-define('RECENTS_MEDIA_CHANGES',16);
+define('RECENTS_SKIP_PAGES',16);
 define('RECENTS_INCLUDE_MEDIA',32);
 
 /**
-- 
cgit v1.2.3


From 0b926329daf6b9cd03c01a4e5b26b968d6cb16a8 Mon Sep 17 00:00:00 2001
From: Kate Arzamastseva <pshns@ukr.net>
Date: Fri, 10 Jun 2011 13:19:28 +0300
Subject: recent changes fix

---
 inc/common.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index acd3609d6..6d707e704 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -14,8 +14,8 @@ if(!defined('DOKU_INC')) die('meh.');
 define('RECENTS_SKIP_DELETED',2);
 define('RECENTS_SKIP_MINORS',4);
 define('RECENTS_SKIP_SUBSPACES',8);
-define('RECENTS_SKIP_PAGES',16);
-define('RECENTS_INCLUDE_MEDIA',32);
+define('RECENTS_MEDIA_CHANGES',16);
+define('RECENTS_MEDIA_PAGES_MIXED',32);
 
 /**
  * Wrapper around htmlspecialchars()
-- 
cgit v1.2.3


From c5f927421e944bfe2ed61a7d50177e7a04c7a079 Mon Sep 17 00:00:00 2001
From: Michael Hamann <michael@content-space.de>
Date: Fri, 19 Aug 2011 16:10:08 +0200
Subject: Don't delete meta files when pages are deleted, fixes FS#2301

As we need to keep all core meta files anyway (the only core file that
had been deleted but shouldn't be deleted is the .indexed file) and
plugins can keep care of their own metadata files using the
IO_WIKIPAGE_WRITE event there is no reason for using the expensive
metaFiles() function during the deletion of pages.
---
 inc/common.php | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 7522095ab..239cfcf99 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -1007,16 +1007,8 @@ function saveWikiText($id,$text,$summary,$minor=false){
         $newRev = saveOldRevision($id);
         // remove empty file
         @unlink($file);
-        // remove old meta info...
-        $mfiles = metaFiles($id);
-        $changelog = metaFN($id, '.changes');
-        $metadata  = metaFN($id, '.meta');
-        $subscribers = metaFN($id, '.mlist');
-        foreach ($mfiles as $mfile) {
-            // but keep per-page changelog to preserve page history, keep subscriber list and keep meta data
-            if (@file_exists($mfile) && $mfile!==$changelog && $mfile!==$metadata && $mfile!==$subscribers) { @unlink($mfile); }
-        }
-        // purge meta data
+        // don't remove old meta info as it should be saved, plugins can use IO_WIKIPAGE_WRITE for removing their metadata...
+        // purge non-persistant meta data
         p_purge_metadata($id);
         $del = true;
         // autoset summary on deletion
-- 
cgit v1.2.3


From 554a8c9ffe7dc256ff10fdb49a144ca7dc510989 Mon Sep 17 00:00:00 2001
From: Adrian Lang <mail@adrianlang.de>
Date: Sat, 24 Sep 2011 16:34:32 +0200
Subject: More mediamanager reworking

---
 inc/common.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 56a7fb060..ec7f9bece 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -1558,4 +1558,16 @@ function valid_input_set($param, $valid_values, $array, $exc = '') {
     }
 }
 
+function get_doku_pref($pref, $default) {
+    if (strpos($_COOKIE['DOKU_PREFS'], $pref) !== false) {
+        $parts = explode('#', $_COOKIE['DOKU_PREFS']);
+        for ($i = 0; $i < count($parts); $i+=2){
+            if ($parts[$i] == $pref) {
+                return $parts[$i+1];
+            }
+        }
+    }
+    return $default;
+}
+
 //Setup VIM: ex: et ts=2 :
-- 
cgit v1.2.3


From 407e65b998d62ef65046facba0d66a5dbbcb2509 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 15 Oct 2011 10:40:31 +0200
Subject: Treat a whitespace-only page as empty and delete it FS#2283

---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index ec7f9bece..8b92ebcbc 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -980,7 +980,7 @@ function saveWikiText($id,$text,$summary,$minor=false){
 
     $file = wikiFN($id);
     $old = @filemtime($file); // from page
-    $wasRemoved = empty($text);
+    $wasRemoved = (trim($text) == ''); // check for empty or whitespace only
     $wasCreated = !@file_exists($file);
     $wasReverted = ($REV==true);
     $newRev = false;
-- 
cgit v1.2.3


From 85fef7e2945dc208c20d655d280aac102658747a Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 15 Oct 2011 18:41:09 +0200
Subject: allow page unlocking based on session IDs FS#2262

---
 inc/common.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 8b92ebcbc..39af439f8 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -714,8 +714,8 @@ function checklock($id){
     }
 
     //my own lock
-    $ip = io_readFile($lock);
-    if( ($ip == clientIP()) || ($ip == $_SERVER['REMOTE_USER']) ){
+    list($ip,$session) = explode("\n",io_readFile($lock));
+    if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()){
         return false;
     }
 
@@ -738,7 +738,7 @@ function lock($id){
     if($_SERVER['REMOTE_USER']){
         io_saveFile($lock,$_SERVER['REMOTE_USER']);
     }else{
-        io_saveFile($lock,clientIP());
+        io_saveFile($lock,clientIP()."\n".session_id());
     }
 }
 
@@ -751,8 +751,8 @@ function lock($id){
 function unlock($id){
     $lock = wikiLockFN($id);
     if(@file_exists($lock)){
-        $ip = io_readFile($lock);
-        if( ($ip == clientIP()) || ($ip == $_SERVER['REMOTE_USER']) ){
+        list($ip,$session) = explode("\n",io_readFile($lock));
+        if($ip == $_SERVER['REMOTE_USER'] || $ip == clientIP() || $session == session_id()){
             @unlink($lock);
             return true;
         }
-- 
cgit v1.2.3


From 8071beaa75257a6e763bf8b2d6dd586fe0935d6b Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 15 Oct 2011 20:53:56 +0200
Subject: bind security token to username

This makes the security token more robust agains session fixation
attacks. A CSRF warning will no longer abort a page save but lead to the
preview mode to avoid information loss when a user logs in during
editing (eg in another tab).
---
 inc/common.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'inc/common.php')

diff --git a/inc/common.php b/inc/common.php
index 39af439f8..0c769c50d 100644
--- a/inc/common.php
+++ b/inc/common.php
@@ -56,7 +56,7 @@ function stripctl($string){
  * @return  string
  */
 function getSecurityToken(){
-    return md5(auth_cookiesalt().session_id());
+    return md5(auth_cookiesalt().session_id().$_SERVER['REMOTE_USER']);
 }
 
 /**
-- 
cgit v1.2.3