From fcfecb69832d5532b9c7d5362e4b7bb781c8fa11 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sat, 26 Jan 2013 16:51:16 +0000 Subject: fix for FS#2676, inserting zero length spaces into long sequences of non-breaking characters in diffs --- inc/html.php | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 5c1c75cf6..89a8a4c7d 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1154,8 +1154,7 @@ function html_diff($text='',$intro=true,$type=null){ list($l_head, $r_head, $l_minor, $r_minor) = html_diff_head($l_rev, $r_rev); } - $df = new Diff(explode("\n",htmlspecialchars($l_text)), - explode("\n",htmlspecialchars($r_text))); + $df = new Diff(explode("\n",hsc($l_text)),explode("\n",hsc($r_text))); if($type == 'inline'){ $tdf = new InlineDiffFormatter(); @@ -1205,12 +1204,38 @@ function html_diff($text='',$intro=true,$type=null){ - format($df)?> + format($df)); ?> ]*>|[^<> ]{12,}/','html_softbreak_callback',$diffhtml); +} + +function html_softbreak_callback($match){ + // if match is an html tag, return it intact + if ($match[0]{0} == '<') return $match[0]; + + // its a long string without a breaking character, + // make certain characters into breaking characters by inserting a + // breaking character (zero length space, U+200B / #8203) in front them. + $regex = <<< REGEX +(?(?= # start a conditional expression with a positive look ahead ... +&(\#\\d{1,4}|[[:alpha:]]{1,4});) # ... for html entities - we don't want to split them +&\#?\\w{1,4}; # yes pattern - a quicker match for the html entity, since we know we have one +| +[?/,&\#;:]+ # no pattern - any other group of 'special' characters to insert a breaking character after +) # end conditional expression +REGEX; + + return preg_replace('<'.$regex.'>xu','\0​',$match[0]); +} + /** * show warning on conflict detection * -- cgit v1.2.3 From 3c94d07beba64154ecd707805fa87f2eaf5e4d02 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sat, 26 Jan 2013 16:53:23 +0000 Subject: store choices for recent changes and diff views in cookie (FS#2438 and FS#2700) Note: These changes don't work yet. The cookie is not set and deletes the old one. --- inc/html.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 5c1c75cf6..444913233 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1088,8 +1088,17 @@ function html_diff($text='',$intro=true,$type=null){ global $REV; global $lang; global $INPUT; + global $INFO; - if(!$type) $type = $INPUT->str('difftype'); + if(!$type) { + $type = $INPUT->str('difftype'); + if (empty($type)) { + $type = get_doku_pref('difftype', $type); + if (empty($type) && $INFO['ismobile']) { + $type = 'inline'; + } + } + } if($type != 'inline') $type = 'sidebyside'; // we're trying to be clever here, revisions to compare can be either -- cgit v1.2.3 From 298a7e081c2658a706ddd08b713b3f1c420564c4 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sat, 26 Jan 2013 18:39:30 +0000 Subject: update pattern to catch more html entities --- inc/html.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 89a8a4c7d..f72316a5e 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1226,8 +1226,8 @@ function html_softbreak_callback($match){ // breaking character (zero length space, U+200B / #8203) in front them. $regex = <<< REGEX (?(?= # start a conditional expression with a positive look ahead ... -&(\#\\d{1,4}|[[:alpha:]]{1,4});) # ... for html entities - we don't want to split them -&\#?\\w{1,4}; # yes pattern - a quicker match for the html entity, since we know we have one +&\#?\\w{1,6};) # ... for html entities - we don't want to split them (ok to catch some invalid combinations) +&\#?\\w{1,6}; # yes pattern - a quicker match for the html entity, since we know we have one | [?/,&\#;:]+ # no pattern - any other group of 'special' characters to insert a breaking character after ) # end conditional expression -- cgit v1.2.3 From fc7684bc7f41c3351955f71b8a94a73bb11aa358 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Corinth?= Date: Wed, 30 Jan 2013 14:36:09 +0100 Subject: Added the title attribute for namespace-links --- inc/html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 5c1c75cf6..3124f4b1d 100644 --- a/inc/html.php +++ b/inc/html.php @@ -859,7 +859,7 @@ function html_list_index($item){ $base = ':'.$item['id']; $base = substr($base,strrpos($base,':')+1); if($item['type']=='d'){ - $ret .= ''; + $ret .= ''; $ret .= $base; $ret .= ''; }else{ -- cgit v1.2.3 From 8a65ef2ef3046b80d45c36abc561cef3ae6ec1b7 Mon Sep 17 00:00:00 2001 From: Anika Henke Date: Sat, 16 Feb 2013 13:49:47 +0000 Subject: fixed edit toolbar being cut off (FS#2715) --- inc/html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index a48f18bff..ddaed2261 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1473,7 +1473,7 @@ function html_edit(){ } ?>
-
+
-- cgit v1.2.3 From 25c4afb8d352fa02fddec2253b301c13d0cd3fb2 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sat, 16 Feb 2013 17:02:05 +0000 Subject: FS#2111, improve security check --- inc/html.php | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index ddaed2261..c2723bceb 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1636,11 +1636,16 @@ function html_admin(){ } // data security check - // @todo: could be checked and only displayed if $conf['savedir'] is under the web root - echo ' - Your data directory seems to be protected properly.'; + // simple check if the 'savedir' is relative and accessible when appended to DOKU_URL + // it verifies either: + // 'savedir' has been moved elsewhere, or + // has protection to prevent the webserver serving files from it + if (substr($conf['savedir'],0,2) == './'){ + echo ' + Your data directory seems to be protected properly.'; + } print p_locale_xhtml('admin'); -- cgit v1.2.3 From f76724a46dee840092905f3d819423ffd556f14e Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Sat, 16 Feb 2013 16:07:00 -0500 Subject: Move inline diff headers into a vertical column. --- inc/html.php | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index c2723bceb..78042cb8b 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1003,14 +1003,16 @@ function html_backlinks(){ * @param string $r_rev Right revision * @param string $id Page id, if null $ID is used * @param bool $media If it is for media files + * @param bool $inline Return the header on a single line * @return array HTML snippets for diff header */ -function html_diff_head($l_rev, $r_rev, $id = null, $media = false) { +function html_diff_head($l_rev, $r_rev, $id = null, $media = false, $inline = false) { global $lang; if ($id === null) { global $ID; $id = $ID; } + $head_separator = $inline ? ' ' : '
'; $media_or_wikiFN = $media ? 'mediaFN' : 'wikiFN'; $ml_or_wl = $media ? 'ml' : 'wl'; $l_minor = $r_minor = ''; @@ -1032,7 +1034,7 @@ function html_diff_head($l_rev, $r_rev, $id = null, $media = false) { $l_head_title = ($media) ? dformat($l_rev) : $id.' ['.dformat($l_rev).']'; $l_head = ''. $l_head_title.''. - '
'.$l_user.' '.$l_sum; + $head_separator.$l_user.' '.$l_sum; } if($r_rev){ @@ -1050,7 +1052,7 @@ function html_diff_head($l_rev, $r_rev, $id = null, $media = false) { $r_head_title = ($media) ? dformat($r_rev) : $id.' ['.dformat($r_rev).']'; $r_head = ''. $r_head_title.''. - '
'.$r_user.' '.$r_sum; + $head_separator.$r_user.' '.$r_sum; }elseif($_rev = @filemtime($media_or_wikiFN($id))){ $_info = getRevisionInfo($id,$_rev,true, $media); if($_info['user']){ @@ -1067,7 +1069,7 @@ function html_diff_head($l_rev, $r_rev, $id = null, $media = false) { $r_head = ''. $r_head_title.' '. '('.$lang['current'].')'. - '
'.$_user.' '.$_sum; + $head_separator.$_user.' '.$_sum; }else{ $r_head = '— ('.$lang['current'].')'; } @@ -1160,7 +1162,7 @@ function html_diff($text='',$intro=true,$type=null){ } $r_text = rawWiki($ID,$r_rev); - list($l_head, $r_head, $l_minor, $r_minor) = html_diff_head($l_rev, $r_rev); + list($l_head, $r_head, $l_minor, $r_minor) = html_diff_head($l_rev, $r_rev, null, false, $type == 'inline'); } $df = new Diff(explode("\n",hsc($l_text)),explode("\n",hsc($r_text))); @@ -1205,6 +1207,18 @@ function html_diff($text='',$intro=true,$type=null){ ?>
+ + + + + + + + - format($df)); ?> + format($df)); ?>
---> + +
+++> + +
> @@ -1213,7 +1227,8 @@ function html_diff($text='',$intro=true,$type=null){
Date: Sat, 16 Feb 2013 21:11:40 +0000 Subject: fix a couple of diff issues: shouldn't be any need to html encode before finding diffs; move quantifier outside regex condition --- inc/html.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index c2723bceb..6c42f6e7b 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1163,7 +1163,7 @@ function html_diff($text='',$intro=true,$type=null){ list($l_head, $r_head, $l_minor, $r_minor) = html_diff_head($l_rev, $r_rev); } - $df = new Diff(explode("\n",hsc($l_text)),explode("\n",hsc($r_text))); + $df = new Diff(explode("\n",$l_text),explode("\n",$r_text)); if($type == 'inline'){ $tdf = new InlineDiffFormatter(); @@ -1238,8 +1238,8 @@ function html_softbreak_callback($match){ &\#?\\w{1,6};) # ... for html entities - we don't want to split them (ok to catch some invalid combinations) &\#?\\w{1,6}; # yes pattern - a quicker match for the html entity, since we know we have one | -[?/,&\#;:]+ # no pattern - any other group of 'special' characters to insert a breaking character after -) # end conditional expression +[?/,&\#;:] # no pattern - any other group of 'special' characters to insert a breaking character after +)+ # end conditional expression REGEX; return preg_replace('<'.$regex.'>xu','\0​',$match[0]); -- cgit v1.2.3 From c0e94f2ae82b91c9a8af05eea8443b37eef52ba7 Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Sat, 16 Feb 2013 16:28:01 -0500 Subject: Monospace font for header prefix. --- inc/html.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 78042cb8b..420efd633 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1209,12 +1209,12 @@ function html_diff($text='',$intro=true,$type=null){ - - -- cgit v1.2.3 From 56133a04d1c5dcd4825f4c0c978b8a9336d603d0 Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Sat, 16 Feb 2013 18:15:13 -0500 Subject: Fix width of indicator column. --- inc/html.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 420efd633..e657d2c78 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1209,12 +1209,12 @@ function html_diff($text='',$intro=true,$type=null){
---> + --->
+++> + +++>
- - -- cgit v1.2.3 From d3bae4781025502fdfb729854e39f8b2072b8a37 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 1 Apr 2013 16:55:40 +0100 Subject: add capability to restrict recipients of dokuwiki 'msg' alerts. This is useful where message is added to the queue before authentication is initialized --- inc/html.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 59415f7da..09d1387bd 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1297,9 +1297,11 @@ function html_msgarea(){ foreach($MSG as $msg){ $hash = md5($msg['msg']); if(isset($shown[$hash])) continue; // skip double messages - print '
'; - print $msg['msg']; - print '
'; + if(info_msg_canshow($msg)){ + print '
'; + print $msg['msg']; + print '
'; + } $shown[$hash] = 1; } -- cgit v1.2.3 From f755f9abc6fe099a6bee2bdd4acda44baca5ea7a Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 7 Apr 2013 19:40:27 +0100 Subject: change nomenclature from 'show' to 'allow' (fn from canshow to allowed) --- inc/html.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 09d1387bd..fb39fcb3c 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1297,7 +1297,7 @@ function html_msgarea(){ foreach($MSG as $msg){ $hash = md5($msg['msg']); if(isset($shown[$hash])) continue; // skip double messages - if(info_msg_canshow($msg)){ + if(info_msg_allowed($msg)){ print '
'; print $msg['msg']; print '
'; -- cgit v1.2.3 From a154806fb54c04841a42641bf5d66716d89c1554 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 25 Apr 2013 16:43:54 +0200 Subject: authad: capabilities depend on userdomain specific config --- inc/html.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index fb39fcb3c..3bef75eab 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1352,6 +1352,8 @@ function html_updateprofile(){ /** @var auth_basic $auth */ global $auth; + var_dump($auth); + print p_locale_xhtml('updateprofile'); $fullname = $INPUT->post->str('fullname', $INFO['userinfo']['name'], true); -- cgit v1.2.3 From c366e16a83b0dcd4ad853358daf8cf6ecd8b3cd6 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Thu, 25 Apr 2013 17:03:19 +0200 Subject: removed debug statement thanks @Klap-in --- inc/html.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'inc/html.php') diff --git a/inc/html.php b/inc/html.php index 3bef75eab..fb39fcb3c 100644 --- a/inc/html.php +++ b/inc/html.php @@ -1352,8 +1352,6 @@ function html_updateprofile(){ /** @var auth_basic $auth */ global $auth; - var_dump($auth); - print p_locale_xhtml('updateprofile'); $fullname = $INPUT->post->str('fullname', $INFO['userinfo']['name'], true); -- cgit v1.2.3
---> + ->
+++> + +>