Following the problem with IE's mimetype handling described at
http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
this patch adds a new option (on by default) to check the first 256
bytes of uploaded files against a list of a few HTML tags and denies
the upload of such a file. On rare occasions this may block harmless
and valid files, but that's the price we have to pay for Microsoft's
stupidity.
Users who need HTML uploads should disable this check. (Don't do that on
open Wikis!)
darcs-hash:20070224124458-7ad00-0ced616d06f563515b36a0a6871b5ba50229c946.gz
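The check described in the commit message above, sketched as an added example (not DokuWiki's own code). The tag list, function name and sample uploads are assumptions; the message only says "a list of a few HTML tags".

```php
<?php
// Added example, not DokuWiki's code. The commit only says "a list of a few
// HTML tags"; the tag list below is an assumption chosen for illustration.
const SNIFF_BYTES = 256;
const SNIFF_TAGS  = ['html', 'head', 'title', 'body', 'script', 'iframe',
                     'img', 'table', 'a', 'plaintext'];

/**
 * Return the first listed HTML tag found in the leading SNIFF_BYTES of the
 * file, or null when nothing matched (or the check is switched off).
 */
function sniff_html_tag(string $path, bool $checkEnabled = true): ?string
{
    if (!$checkEnabled) {
        return null; // operator explicitly allows HTML uploads
    }
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        throw new RuntimeException("cannot open $path");
    }
    $head = (string) fread($fh, SNIFF_BYTES);
    fclose($fh);

    // "<tag" followed by whitespace, "/", ">" or the end of the window,
    // case-insensitive, so "<SCRIPT>" matches as well as "<script ".
    $tags = implode('|', array_map('preg_quote', SNIFF_TAGS));
    if (preg_match('~<(' . $tags . ')(?=[\s/>]|$)~i', $head, $m)) {
        return strtolower($m[1]);
    }
    return null;
}

// Constructed sample uploads (file name => content), not real captures.
$samples = [
    'photo.gif' => "GIF89a\x01\x00\x01\x00<SCRIPT>/* constructed */</SCRIPT>",
    'notes.txt' => "Meeting notes: ship the release on Friday.\n",
    'howto.txt' => "Wrap the page content in a <body> element.\n",
];

foreach ($samples as $name => $content) {
    $tmp = tempnam(sys_get_temp_dir(), 'upl');
    file_put_contents($tmp, $content);
    $tag     = sniff_html_tag($tmp);        // check on (the default)
    $tagOff  = sniff_html_tag($tmp, false); // check disabled by the admin
    unlink($tmp);
    printf(
        "%-10s check on: %-16s check off: %s\n",
        $name,
        $tag === null ? 'accepted' : "denied (<$tag>)",
        $tagOff === null ? 'accepted' : 'denied'
    );
}
```

`photo.gif` is denied although its name and first bytes look like an image, and `howto.txt` is the kind of harmless file the message says may be blocked.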
On certain platforms the ignore_user_abort function does not work as expected, resulting
in a non-working indexer webbug. Users with such a broken system (IIS+PHP as CGI) can
enable this option to work around the problem (resulting in longer load times for the
webbug).
darcs-hash:20070208195145-7ad00-8fc14f9da535a70fa837066773e15a3926b077c7.gz
Add a configuration option to control whether or not the edit/revision summary is
displayed with the title of RSS feeds. The default is to show the summary, the same as
DokuWiki did prior to this addition.
darcs-hash:20061101023313-9039d-d067e9bcd7dc0c7cabd57674d1072c5b882ad4e7.gz
Make Chinese and Japanese work better with the new indexer.
Some missing punctuation added to utf8_stripspecials.
Misc. other changes to make indexing faster. The indexes will expire on
backend upgrades, so you don't have to delete *.indexed
darcs-hash:20061117123032-6942e-774b38e08234928c49b37e40addba375acf67ac0.gz
Spammers use unprotected wikis to upload spammy HTML pages. This disables
HTML upload by default
darcs-hash:20061101161813-7ad00-11c808965ef80bd042ea3e3586352cfdccb309db.gz
This patch changes fetch.php ability to download external files. It now checks
for the returned MIME type and will only download images. For all other
MIME types a redirect is sent back to the browser. This reduces the risk of
being misused as an open proxy.
Additionally the download facility is disabled completely by default by setting
the fetchsize option to 0. Users who want the feature need to overwrite the option
in their local.php.
Background: The ability to download external files is needed to resize external
images on the server side. When disabled, a redirect is sent to the browser which
will download the fullsize image and rescale it on the client side which is more
bandwidth and CPU intensive.
darcs-hash:20061017175329-7ad00-cd1b1bfa043a04540c51ca8380d28deaa14147d1.gz
Cache
- add dependency for metadata renderer file
- check metadata for end of page life, "date valid end".
Metadata Renderer
- RSS syntax mode now sets rendered page expiry, "date valid end"
and includes the feed URL in "relation haspart".
Purgefile
For all wiki installations the purgefile records the earliest
time before which no cache purge (based on data consistency)
is required. Cache files older than this time MAY need to be
purged.
- remove purgeonadd configuration setting
darcs-hash:20060924202157-9b6ab-4531e91411c41914eeab2b6a8160c3d46b001cee.gz
Messages are now displayed to all users if ACL is not enabled. The update-URL
changed to http://update.dokuwiki.org/check/
darcs-hash:20060917145025-7ad00-1d64b90e51c1a49567a28b132caf79ae0f124c8e.gz
This patch adds a feature to let DokuWiki automatically check if updates are
available or any other important messages (like security warnings) and then
display this info to the admin user.
DokuWiki will contact the URL http://www.splitbrain.org/lib/exe/msg.php
with a parameter telling it which messages it already knows (read from
conf/msg) - the server side script then will return all new messages.
The messages will be displayed until DokuWiki was upgraded or conf/msg
was updated manually. Messages are cached and only checked once a day.
The messenger URL will probably change before the next release.
darcs-hash:20060916210229-7ad00-7ac592650e171ae4144b0eb47a751a4ca480f031.gz
This patch provides a rewritten changelog system that is designed to run
efficiently on both small and large wikis. The patch includes a plugin to
convert changelogs from the current format. The conversion is
non-destructive and happens automatically. For more information on the new
changelog format see "http://wiki.splitbrain.org/wiki:changelog".
Structure
In short the changelog is now stored in per-page changelog files, with a
recent changes cache. The recent changes cache is kept in
"/data/meta/_dokuwiki.changes" and trimmed daily. The per-page changelogs
are kept in "/data/meta/<ns>/<page_id>.changes" files. To preserve
revision information for revisions stored in the attic, the "*.changes"
files are not removed when their page is deleted. This allows the full
life-cycle of page creation, deletion, and reversion to be tracked.
Format
The changelog line format now uses a general "line type" field in place of
the special "minor" change syntax. There is also an extra field that can
be used to store arbitrary data associated with special line types. The
reverted line type (R) is a good example. There the extra field holds the
revision date used as the source for reverting the page. See the wiki for
the complete syntax description.
Code Notes
The changelog functions have been rewritten to load the whole file only if
it is small. For larger files, the function loads only the relevant
chunk(s). Parsed changelog lines are cached in memory to speed future
function calls.
getRevisionInfo
A binary search is used to locate the chunk expected to contain the
requested revision. The whole chunk is parsed, and adjacent lines are
optimistically cached to speed consecutive calls.
getRevisions
Reads the changelog file backwards (newest first) in chunks until the
requested number of lines have been read. Parsed changelog lines are
cached for subsequent calls to getRevisionInfo. Because revisions are read
from the changelog they are no longer guaranteed to exist in the attic.
(Note: Even with lines of arbitrary length getRevisionInfo and
getRevisions never split changelog lines while reading. This is done by
sliding the "file pointer" forward to the end of a line after each blind
seek.)
isMinor
Removed. To detect a minor edit check the type as follows:
$parsed_logline['type']
darcs-hash:20060830182753-05dcb-1c5ea17f581197a33732a8d11da223d809c03506.gz
- add $conf['compression'] meta data and en lang strings
- remove $conf['usegzip'] meta data and en lang strings
Other language strings will need to be updated.
darcs-hash:20060825223047-9b6ab-b0c8c6af57847690a6d398d0bd98af9a51911c21.gz
This patch changes the password reset function to a two-stage process.
After requesting a new password a confirmation email is sent first, only
if the link contained in this mail is used the password is changed for real.
This makes sure malicious people can't reset passwords for other users.
darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz
This patch adds a config option to disable certain internal action commands of
DokuWiki's main dispatcher.
The options resendpasswd and openregister were removed because they can now be set
through this new option.
The config plugin needs to be adjusted.
darcs-hash:20060702121622-7ad00-1e80e77bcfb0ae561fe7abd79cfbe1bb158be720.gz
A small patch for dokuwiki which enables dokuwiki to notify the
administrator about new user registrations
darcs-hash:20060615194419-022eb-51630aff3c6d93abc656742fc0bc723b93f97734.gz
This patch adds an option to configure the maximum size for files the fetch.php
will ever download. Setting this to 0 completely turns off the caching of external
media files.
Disadvantages of setting a low or zero fetchsize:
* fetch.php needs to download images to be able to resize them. When the used
fetchsize prevents the downloading the images can only be resized by the
browser which means the browser will need to download the fullsized image first.
* If the linked external media file vanishes it will no longer display in the
wiki because it is not cached.
Advantages of setting a low or zero fetchsize:
* fetch.php may be used for a possible denial of service attack by requesting
many big external files.
* The created cache files may take a lot of space on the server
I recommend to leave the setting at 2MB for internal and private wikis and lower
the setting to about 200 to 500 Kb for bigger public Wikis.
Note: the caching of files uploaded through the media manager is not affected by
this setting.
darcs-hash:20060615184847-7ad00-04fc39928f7d72e56f5c5e271013ef265436e6c9.gz
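The fetchsize limit from the commit message above, combined with the image-only MIME check from the earlier fetch.php message, as an added example (not fetch.php itself). Function names and the header array shape are assumptions; redirecting when the size limit is hit follows the messages' description of the browser loading the full-size image.

```php
<?php
// Added example, not DokuWiki's fetch.php. Function names and the header
// array shape are assumptions for illustration.

/**
 * Decide from the remote response headers whether the wiki downloads the
 * file itself or redirects the browser to it.
 * $fetchsize is the configured limit in bytes; 0 disables downloading.
 */
function fetch_decision(int $fetchsize, array $headers): string
{
    if ($fetchsize <= 0) {
        return 'redirect';                       // feature switched off
    }
    $h    = array_change_key_case($headers, CASE_LOWER);
    $type = strtolower(trim(explode(';', $h['content-type'] ?? '')[0]));
    if (strpos($type, 'image/') !== 0) {
        return 'redirect';                       // only images are fetched
    }
    if (isset($h['content-length']) && (int) $h['content-length'] > $fetchsize) {
        return 'redirect';                       // announced size too large
    }
    return 'download';
}

/**
 * Read a response body but give up once it exceeds $fetchsize, because
 * Content-Length may be missing or wrong. Returns null when over the limit.
 */
function read_capped($stream, int $fetchsize): ?string
{
    $body = '';
    while (!feof($stream)) {
        $chunk = fread($stream, 8192);
        if ($chunk === false || $chunk === '') {
            break;
        }
        $body .= $chunk;
        if (strlen($body) > $fetchsize) {
            return null;
        }
    }
    return $body;
}

// Constructed response headers, not captured traffic.
$twoMB = 2 * 1024 * 1024;
$cases = [
    'disabled'   => [0,      ['Content-Type' => 'image/png']],
    'html page'  => [$twoMB, ['Content-Type' => 'text/html; charset=utf-8']],
    'huge image' => [$twoMB, ['Content-Type' => 'image/jpeg', 'Content-Length' => '5000000']],
    'no length'  => [$twoMB, ['content-type' => 'image/png']],
];
foreach ($cases as $label => [$limit, $headers]) {
    printf("%-11s %s\n", $label, fetch_decision($limit, $headers));
}

// A constructed body larger than a 1 KB limit is rejected while reading.
$stream = fopen('php://memory', 'w+b');
fwrite($stream, str_repeat('x', 4096));
rewind($stream);
var_dump(read_capped($stream, 1024) === null);
fclose($stream);
```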
This patch adds a completely rewritten media popup. The following noteworthy
changes were made:
- media manager uses a collapsible namespace tree
- media manager uses AJAX if available
- media manager popup can be kept open when selecting a media file
- only one template is used for the media manager :!: Template
- Editable image metadata is configured in conf/mediameta.php now
- The JS cookie mechanism was enhanced to store key/value pairs
- Language strings can be exported to JS in js.php
darcs-hash:20060519165023-7ad00-4932b4553fc919aa4a8b8187958b823acf4f8cee.gz
- Enables gzip compression of output xhtml for browsers that support it.
For example the wiki:syntax page takes up 46.80KB raw, but only 9.88KB gzip encoded.
- Setting is configurable through the config plugin.
darcs-hash:20060516084132-05dcb-d8d1c7911a951b00e166c5a94f46a2cf1cfa5846.gz
- Adds a jpg quality setting for scaled images
(Some images were getting too many jpg artifacts
at the hard-coded compression setting.)
- Creates a group for the media settings in the
config plugin.
darcs-hash:20060516062321-05dcb-a175b0de3264322a335cf60d8ee96317f7b03144.gz
- Gives the wiki administrator control over how often the RSS feed is regenerated.
- The RSS feed now handles conditional requests and returns HTTP '304 Not Modified'
responses when possible.
darcs-hash:20060324133315-05dcb-3b814e28523f2a0717222a4940d6fbbb28576cf5.gz
DokuWiki now automatically creates a draft file of the currently edited
page. In case of an editing interruption (e.g. browser crash) the draft file
can be continued later.
darcs-hash:20060311200148-7ad00-919337a51e001136178d175a1755cd26122e9726.gz
This patch simplifies the configuration of the file and directory creation
modes. There is no need to set the umask anymore. Only the wanted permissions
for files and directories are set. An init function compares the wanted modes
with the ones that would be chosen by the system automatically (consulting
the system's umask) and sets the modes for chmod when needed.
darcs-hash:20060304154038-7ad00-5ef1db3a87e42563a602f9d050c681d2ea74682f.gz
Using the target attribute is considered bad practice. This patch removes
the default targets from dokuwiki.conf and fixes the footer.html of the
default template accordingly
darcs-hash:20060302134306-6e07b-cae2e54472687abb50f7cb97bd6c479b7c7d97d7.gz
Some auth backends allow special chars like whitespaces in user and group
names. This made problems with the existing ACL checks and ACL manager.
This patch makes the ACL system work with these cases by (url)encoding all
special chars below 128.
darcs-hash:20060302101850-6e07b-14bda9dbdb3528904325419b35bb9eddb0d1dde3.gz
* Don't set the umask() anymore, this is not good form and we don't really know what is it in the old code anyway as it was not done properly.
* Retire the dmask config option and introduce 2 new ones called fmode and dmode, this is more in line with posix and should make more sense.
* Use chmod for setting the correct permissions but only if it's needed.
* Set changing of permissions off by default as it should work properly in most Apache setups without and it does not make sense on Windows anyway.
darcs-hash:20060224211655-ee6b9-68f7bb59417d6f0033cfd3764146923daa4dcf1b.gz
This patch adds optional hierarchical breadcrumbs. This was discussed last
December in http://www.freelists.org/archives/dokuwiki/12-2005/msg00112.html
and followups. Many people were in favour of this.
darcs-hash:20060224155631-21b7e-10f25b7bdf60120ec99850afefd4d1662c5b87aa.gz
This patch adds basic romanization support to the utf-8 library. It
converts non-latin languages to ASCII.
The transliteration tables used were gathered from various places
on the net. I do not speak any of those languages so I can't say how
good they are. Any recommendations and fixes are welcome!
This can be enabled for ID cleaning by setting the deaccent option to 2.
It is also used in the XHTML renderer to generate section ids based
on the header titles. Leading digits and any remaining non-ASCII chars
are removed as well. This is the first step to make section ID always
XHTML compatible. Making sure they are unique is not implemented yet.
darcs-hash:20060210200627-7ad00-61a633563bb92a00ef4a3f699d73117139cbf367.gz
This patch adds a canDo() function to the MySQL backend to
give higher program levels the opportunity to find out what
functions the MySQL backend provides.
Furthermore the option encryptPass was renamed to
forwardClearPass because the old name was misleading and not
clear.
Last but not least the mysql.conf.php was reorganized to make
clear which SQL statements enable which functions.
darcs-hash:20060130192750-7ef76-2ba9388ea56b17e4f26feda74a66b7d9b8da7333.gz
This patch changed the function modifyUser(). Before this update
each data change was applied by deleting and re-adding the complete
user entry. The new function uses the UPDATE SQL statement.
Furthermore all human readable error messages were removed. The
calling procedure is in charge now to inform the user about
failures. Internal debug messages were added. They can be enabled
in the configuration file.
Last but not least the module retrieves the database version now
to handle incompatible features between different MySQL versions.
darcs-hash:20060124190625-7ef76-f6dffabf230155aa51bf3c8569c31fd444634407.gz
This patch adds the automatic creation of Google sitemaps. The map
is created in the DokuWiki root dir and named sitemap.xml.gz if gzip
compression is available - if not the gz extension is skipped.
How often the map is recreated is defined through the $conf['sitemap']
option. It accepts a day value.
darcs-hash:20051126234709-7ad00-6ff4b0e79670cdfa39e615ec9dc40146ffcc9dd4.gz
This patch completes the documentation of the MySQL SQL statements
that are necessary to run the mysql OO auth module in mysql.conf.php.example.
Some pattern names in the code were not in line - fixed.
darcs-hash:20051107210740-4145d-cdf140b6d14664ce9c1a85f67e1bf8feb294c17b.gz
This patch adds the mysql extension to the OO auth system. The SQL statements
are defined in conf/mysql.conf.php.example and need to be adapted to the
local database. The set of statements work with the database structure described
in conf/mysql.conf.php.example.
This module is beta and heavy testing in different environments is recommended.
The documentation of the SQL statements is not complete yet
darcs-hash:20051106130303-4145d-28acb18584822f8d1eafa1d63e206f2e83f64009.gz
This new option accepts a RegExp to filter certain pages from all automatic
listings (RSS, recent changes, search results, index). This is useful to
exclude certain pages like the ones used in the sitebar templates. The
regexp is matched against the full page ID with a leading colon. If it
matches the page is assumed to be a hidden one.
IMPORTANT: this is not related to ACL. A hidden page is still visible to all
users (if not restricted by ACL) when linked or called directly.
darcs-hash:20051103101726-6e07b-8d45912a1b4f6cfc9e3fce147c15f84a58ea7ca2.gz
This patch allows one to set $conf['im_convert'] to use ImageMagick
instead of PHP's libGD to resize images. convert is more powerful
than libGD - it can resize animated gifs for example.
darcs-hash:20050911140225-c484b-10fbb66d003c839debc98edf814e261bddea3aa6.gz
Updates to the subscription patch to add a configuration option to enable/disable
the feature, move the messages to the language files, and general cleanup
darcs-hash:20050808045034-4c315-88a72dc8d2b22fdd9af8caa0505ef5c737965c86.gz
This patch allows you to add a file named conf/words.aspell with your own
words you don't want the spellchecker to choke on.
Thanks to Steven Danz for code idea
darcs-hash:20050731172612-7ad00-60fb3f09589c4758f1093f532de9699beb048569.gz
This patch corrects the meaning of the reference check configuration
options. They become more logical.
refcheck  boolean  Enable/Disable the reference checker. If set
                   to '0' the existence of references is not
                   checked and vice versa.
recshow   int      defines how many references should be displayed.
                   If set to '0' no references are shown at all.
This meaning is more logical. The first parameter switches the checker
on/off and the second would be set, if the user wanted to see where the
references are and how many should be displayed.
darcs-hash:20050626153207-7ef76-0800eb2e394bf1b9f4233e7698b4d894f4b58e5b.gz
This cleans up the directory structure as discussed on the mailing
list. Users should delete their previous _cache directories to
recover diskspace.
darcs-hash:20050626100913-9977f-83c0fdc32047db2090fc52a843ffae50cbf12248.gz
The options refcheck and refcount were merged to refcheck. This reduces
configuration options and makes the function more robust.
darcs-hash:20050617201556-7ef76-47841e0b8713a26b6fb7eacffa9e89752f65ae50.gz
Part 1 only checks for the existence of references.
Part 2 will show where these references are so that the user
could easily find them.
Both parts are configurable:
refcheck
darcs-hash:20050616163425-7ef76-a7fce6cd1ef5d2cc2e4ac3b869969a65c671770a.gz
This patch implements the first step of a media file reference
checker. Every time the user wanted to delete a media file
it would be checked for still existing references to this media
file. File deletion is denied if this media file is still in use.
darcs-hash:20050605185038-7ef76-475e5990609587e1b8cee0e155fa6002f1c5b27c.gz
This is nearly a complete rewrite of the gmail like AJAX spellchecker
from http://www.broken-notebook.com/spell_checker/index.php
Here are the differences and features
* seamlessly integrated into DokuWiki
* no need for the pspell extension
* needs GNU aspell installed (not sure about the version I guess
0.60+ for UTF8)
* needs PHP 4.3.0+
* uses SACK for AJAX
* gets errors and suggestions in one transfer
So far only tested in Firefox. It should work in IE, Safari and
Opera 8, too. Please test and report back.
darcs-hash:20050607194456-9977f-f699144d1fd28359742b2ce0f28c839a1f4cefbb.gz
This patch changes the directory structure of dokuwiki as suggested
in http://www.freelists.org/archives/dokuwiki/06-2005/msg00045.html
As the changes.log is not managed through darcs you need to move it
yourself to the new location in data/changes.log
I think I modified the code at all necessary places, but I may have
forgotten a few things.
darcs-hash:20050605103842-9977f-af20f63c1d604888375d175d89ac6bd71566d47d.gz
This patch allows the method for hashing (onewaycrypting) the user passwords to
be set with $conf['passcrypt']. Available are MD5, salted MD5, SHA1, salted SHA1 (SSHA)
and the old Unix crypt (2 char seed).
This change was inspired by a mail from Chris Brotherton (thanks for making me think about this)
darcs-hash:20050513152248-9977f-2358b26449ed865a981c8558308a2857ba17c12f.gz
This patch extends the user registration with a more direct
way without the need for a valid email address. The user
password is queried in the registration form and not automatically
generated and sent by email. This mode could be configured with the
new option 'autopasswd'. Some new texts were added for translation
but only English and German translation databases have been updated
yet.
darcs-hash:20050508200129-45302-ad4f2cf1d18514c76373cb6d6015e74712638402.gz
I just read "Don't make me think!" by Steve Krug, about
web usability, and I liked its common sense a lot.
One message was that every page should have a title,
and that it should literally match what you click to
get there.
This patch tries to automate that for Dokuwiki. In wiki
page links, it will fetch the first heading (the title)
and use it as the name in links (unless an explicit other
name is defined in the link). The same is done for
the breadcrumbs (at least the default ones). I believe
all this should make navigation easier. The feature
is enabled/disabled with a configuration variable
called $conf['useheading'].
TO DO: more testing. Check whether the first heading is
at a unique high level (probably easier when true parsing
will be used.) Check hierarchical breadcrumbs. Perhaps
omit the title from the automatic table of contents,
and perhaps adapt the toc indentation of the lower
level headings.
darcs-hash:20050326130557-45605-bf7fdaf29e61924f2631af1bb95177ee0415c24d.gz