Commits · 6f6d10bd56ad7efdac907a8b53e404ed51324b32 · BRIC / dokuwiki

Dec 29, 2015
- Partial Plugin Translation for Welsh · 6f6d10bd
  diafol666 authored 9 years ago
  
  Plugin translation #1
  6f6d10bd
Nov 17, 2015
- translation update · 755031bf
  Michael Große authored 9 years ago
  
  755031bf
Nov 08, 2015
- Update help.txt · 01dcc157
  Alvaro [Andor] authored 9 years ago
  
  Updated a word wrongly written on spanish
  01dcc157
Aug 28, 2015
- translation update · a51304ac
  Kiril authored 9 years ago
  
  a51304ac
Aug 01, 2015
- translation update · 09ff5cd8
  Myeongjin authored 9 years ago
  
  09ff5cd8
Jul 26, 2015
- updated dates in various info.txt files · 2e206e75
  Anika Henke authored 9 years ago
  
  2e206e75
Jul 25, 2015
- remove IE7 support · 17a19868
  Anika Henke authored 9 years ago
  
  17a19868
Jul 15, 2015
- translation update · 70eb84aa
  Hideaki SAWADA authored 9 years ago
  
  70eb84aa
Jul 12, 2015
- changed all input type=submit buttons to button type=submit button for better stylability · ae614416
  Anika Henke authored 9 years ago
  
  ae614416
Jun 30, 2015
- PHPDocs for remote and action · 67b479b2
  Gerrit Uitslag authored 9 years ago
  
  67b479b2
May 14, 2015
- translation update · dfd8384e
  Eduard Díaz authored 9 years ago
  
  dfd8384e
May 08, 2015
- Fix variable name typo · 2b71c2ee
  Patrick Brown authored 9 years ago
  
  2b71c2ee
May 07, 2015
- Use io_replaceInFile for updating auth · 699e3c49
  Patrick Brown authored 9 years ago
  
  699e3c49
Apr 16, 2015
- translation update · d15f7f88
  Tomas Darius Davainis authored 9 years ago
  
  d15f7f88
Feb 24, 2015

check permissions in ACL plugin's RPC API component. #1056 · 9cbf80e6

Andreas Gohr authored 10 years ago

Security Fix

Severity: Medium
Type:     Remote Priviledge Escalation
Remote:   yes

Vulnerability Details:

This fixes a security hole in the ACL plugins remote API component. The
plugin failed to check for superuser permissions before executing ACL
addition or deletion. This means everybody with permissions to call the
XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules.

Risk Assessment:

The XMLRPC API in DokuWiki is marked experimental and off by default. It
also implements an additional safeguard by giving access to a configured
circle of users and groups only. So only a minor number of DokuWiki
installations will be affected at all.
For affected installations the risk is high if users with access to the
API are not to be trusted.
Thus the overall severity of medium.

Resolution:

Installations applying this commit are safe. A hotfix is about to be
released. Meanwhile users are advised to disable the XMLRPC API in the
config manager.

9cbf80e6

Jan 14, 2015
- Losslessly reduced PNG images with optipng -o7 -strip all, advdef -z4 -i60, and advpng -z4 -i60. · 5af3d1cd
  KeenRivals authored 10 years ago
  
  5af3d1cd
Dec 30, 2014
- translation update · ead851a8
  Marian Banica authored 10 years ago
  
  ead851a8
Dec 13, 2014
- translation update · d52dfa3a
  Jaroslav Lichtblau authored 10 years ago
  
  d52dfa3a
Oct 15, 2014
- translation update · dfc5e46c
  Yadav Gowda authored 10 years ago
  
  dfc5e46c
Oct 01, 2014
- Many PHPDocs, some unused and dyn declared vars · 42ea7f44
  Gerrit Uitslag authored 10 years ago
  
  many PHPDocs some unused variables some dynamically declared variables declared
  42ea7f44
Sep 29, 2014
- more scrutinizer issue improvements · 59bc3b48
  Gerrit Uitslag authored 10 years ago
  
  59bc3b48
Sep 16, 2014
- translation update · c3df44ff
  Schplurtz le Déboulonné authored 10 years ago
  
  c3df44ff
Aug 02, 2014
- updated dates in info.txt of various plugins and template · 75112fc5
  Anika Henke authored 10 years ago
  
  75112fc5
Jul 12, 2014
- translation update · 4ad66524
  Yuthana Tantirungrotechai authored 10 years ago
  
  4ad66524
Jul 10, 2014
- translation update · 19accab5
  Davor Turkalj authored 10 years ago
  
  19accab5
May 30, 2014
- translation update · 3dc40276
  Aivars Miška authored 10 years ago
  
  3dc40276
May 15, 2014
- Move colon from code to language strings · fde860be
  Gerrit Uitslag authored 10 years ago
  
  fde860be
Apr 26, 2014
- translation update · 6dda14c9
  Myeongjin authored 10 years ago
  
  6dda14c9
Apr 22, 2014
- translation update · da2c1fba
  Myeongjin authored 10 years ago
  
  da2c1fba
Mar 13, 2014
- translation update · b0fedecc
  Janar Leas authored 11 years ago
  
  b0fedecc
- translation update · 3e8d68b4
  Janar Leas authored 11 years ago
  
  3e8d68b4
Mar 12, 2014
- translation update · abaffa74
  Janar Leas authored 11 years ago
  
  abaffa74
Mar 11, 2014
- translation update · 68321121
  Aleksandr Selivanov authored 11 years ago
  
  68321121
Mar 08, 2014
- translation update · 8a944044
  Janar Leas authored 11 years ago
  
  8a944044
Mar 06, 2014
- translation update · e26a5837
  Janar Leas authored 11 years ago
  
  e26a5837
Mar 05, 2014
- improvements in acl plugin to avoid missing var errors · d072820d
  Christopher Smith authored 11 years ago
  
  d072820d
- use empty() where array values might not be set · 0e80bb5e
  Christopher Smith authored 11 years ago
  
  0e80bb5e
Jan 24, 2014

removed empty language files · 975e2a19

Andreas Gohr authored 11 years ago

our translation interface used to submit empty files for a while but no
longer does, so these can go

975e2a19

Dec 30, 2013
- translation update · b21beefd
  Ivan Peltekov authored 11 years ago
  
  b21beefd
Dec 19, 2013
- translation update · eced6aea
  Dương Văn Hoàng authored 11 years ago
  
  eced6aea