- Jan 02, 2019
-
-
ThorPrestboen authored
-
- Dec 26, 2018
-
-
En Matt authored
-
- Dec 22, 2018
-
-
HokkaidoPerson authored
-
- Dec 15, 2018
-
-
Schplurtz le Déboulonné authored
-
- Dec 12, 2018
-
-
Jacob Palm authored
-
- Dec 10, 2018
-
-
Frederico Gonçalves Guimarães authored
-
- Dec 08, 2018
-
-
HokkaidoPerson authored
-
- Nov 29, 2018
-
-
Michael Hamann authored
Due to the changes in 8f34cf3d, the ACL check in search_allpages was only executed when 'skipacl' has been explicitly set to false. Otherwise, only ACLs for namespaces were checked (unless the sneakyacl option was passed). The documentation states that the default for 'skipacl' is false, so setting it to false shouldn't be necessary. From all I can see, this does not concern DokuWiki itself as search_allpages is never used without the 'skipacl' option explicitly set to true or false. However, this causes serious security issues in plugins that rely on this ACL check in search_allpages like the include plugin.
-
- Nov 28, 2018
- Nov 27, 2018
-
-
Andreas Gohr authored
parameters were in the wrong order
-
Traend authored
-
Traend authored
-
- Nov 24, 2018
-
-
HokkaidoPerson authored
-
- Nov 23, 2018
-
-
Márcio Gomes Gonçalves authored
-
- Nov 20, 2018
-
-
Jürgen Fredriksson authored
-
Jürgen authored
-
Katerina Katapodi authored
-
Katerina Katapodi authored
-
Katerina Katapodi authored
-
- Nov 19, 2018
-
-
Alex Cachinero authored
-
- Nov 14, 2018
-
-
Hakan authored
-
- Nov 11, 2018
-
-
HokkaidoPerson authored
-
- Nov 10, 2018
-
-
En Matt authored
-
- Nov 06, 2018
-
-
Laurent Ponthieu authored
-
- Nov 05, 2018
-
-
Schplurtz le Déboulonné authored
shorter lines, and alignment in text messages. rewrite fr/install.html.
-
-
Anael Mobilia authored
- mostly undo fde7e5a6 - restore author and formatting of de78e4ef
-
Schplurtz le Déboulonné authored
- mostly undo fde7e5a6 for inc/lang/fr/pwconfirm.txt - apply short line length to all lines
-
Florian Gaub authored
- mostly undo fde7e5a6 for inc/lang/fr/revisions.txt - restore text and author of c1fe9e9f
-
-
- Nov 03, 2018
-
-
HokkaidoPerson authored
-
En Matt authored
-
HokkaidoPerson authored
-
- Oct 30, 2018
-
-
Andreas Gohr authored
instead the visibility is properly checked in the visibleInContext() method.
-
Andreas Gohr authored
Since we want to check the access to the Admin plugins on an individual basis, we need to grant access to all logged in users at first. This means a user could access the admin page, but would not see any plugins available.
-
Andreas Gohr authored
This adds a new method that capsulates the access check that has to be done to decide if an admin plugin's page should be shown to the user. The default implementation is the same as before, relying only on the forAdminOnly() method and the users' isadmin or ismanager status. Admin plugins themselves can override the method to do additional checks. In this patch, I added that to the usermanager plugin which will only return true if the current auth backend can list users. However the real idea behind this change is that the new method emits a new event called ADMINPLUGIN_ACCESS_CHECK which would allow plugins to overwrite it. This way it could be possible to give certain user groups access to certain admin plugins without giving them admin or manager permissions. Note: this does not change how the "Admin" link is shown, it still depends on ismanager or isadmin. A plugin as mentioned above would need to influence the display via the MENU_ITEMS_ASSEMBLY event. Note: this only covers the basic access check. Admin plugins may need further adjustments for access to other parts of the plugin (like AJAX components). An additional commit will update this for the bundled plugins.
-
- Oct 26, 2018
-
-
peterfromearth authored
-
- Oct 17, 2018
-
-
Schplurtz le Déboulonné authored
-
Schplurtz le Déboulonné authored
-
