There were a few problems with name encoding for groups and users
introduced in the recent aclcheck change

darcs-hash:20080226172257-7ad00-d591f0d2f2219a2b23f93060c65b8fb5f46bd1d7.gz

darcs-hash:20080215154316-7ad00-d052e2eed8e47e62ff639cd66d7debb4bfd293fc.gz

darcs-hash:20080215121716-7ad00-35d275212e0e3c41626ed64d9096aad10f4ad2db.gz

A reference file is now stored in data/cache/sessionpurge and is used to
check if user sessions are still valid.

To accomondate for slow auth backends DokuWiki caches user info for
a certain time in the user session.

darcs-hash:20080215114923-7ad00-6874d5211efce7d07e54de37244becc2387c1ba7.gz

darcs-hash:20080213214505-7ad00-8ff1974ccbab38168f95072faaeb53134f95b926.gz

darcs-hash:20080212213222-19e2d-d8a2261fa83d6482afe213ffb41611ae723811de.gz

darcs-hash:20071102181850-7ad00-9c2c9b0ef953274b8abdadd95c53e8f4e1982810.gz

The use of realpath() to clean up relative file names caused some
trouble in certain setups relying on symlinks or having restricitve
file structure setups.

This patch replaces all realpath() calls with a PHP only replacement
which should solve those problems.

darcs-hash:20070930184250-7ad00-512ff04c95f57fc9eaf104f80372237a3c94286f.gz

This patch adds a security token to all forms generated through the new
form class. However it is only checked for possible dangerous actions like
editing or profile changes.

darcs-hash:20070830191429-7ad00-445efea47a09a4823dfe9e3434ba5b355a80daf6.gz

darcs-hash:20070819211829-7ad00-7f2dbd3d7ad6b4568b8f34209fbcffda6e110f4c.gz

darcs-hash:20070805203312-d26fc-cab8dbfff8a2d5f7299fa4462771bafc00135728.gz

darcs-hash:20070625210929-7ad00-034c5839bbca3e697d360f72dffcf9d927fea755.gz

Instead of disabling the whole ACL feature when the auth backend is unavailable
just degrade the user to an anonymous user.

darcs-hash:20070625205228-7ad00-19cfa3c302b4ee63f0a6562823c5d550f9c9755c.gz

Introduces a DOKU_REL constant always pointing to the DokuWiki directory regardless
of the used canonical setting.

darcs-hash:20070603191451-7ad00-a5227a3632b3337f5da90551d3166d9b5db56638.gz

This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication
information is rechecked.  The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned
about security should set this value to 0.

DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session.  Normally these
values are compared on each page visit.  If the comparison passes the user is accepted. The same data will be used over and
over until either the cookie or the session expires.  FS#1085 is concerned with updates to the original authentication data not
being able to affect this comparison.  The new 'auth_security_timeout' setting will force expiration of the saved data after the
specified period has elapsed.

Re-authentication may affect page response, especially on systems which use remote authentication systems.

This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class
to allow those mechanisms which are able to control when DW should revoke authentication.

darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz

darcs-hash:20070302100506-19e2d-342a0477340aa6b2c5fb7e08c520053b7dc33608.gz

This saves a lot of ACL lines for users namespaces for example:

users:*               @ALL        1
users:@USER@          @USER@      8

darcs-hash:20070301230309-19e2d-90a00b70a2af546fd5194ade614c130e9f7864eb.gz

darcs-hash:20070106122851-7ad00-9b3b2923e2f917107b29c4dacfc1047b2845a5db.gz

darcs-hash:20070109213155-7ad00-9594bbf5c0730221b46f31bb40f31997a09ab4b4.gz

This patch adds support for a manager option as suggested in
http://www.freelists.org/archives/dokuwiki/11-2006/msg00314.html

darcs-hash:20061203134104-7ad00-72ff6422bbb4f79be325c7e77255e1eee32d0f6b.gz

A simple event to inject additional HTML into the editform. This probably
needs to be improved.

darcs-hash:20061114220825-7ad00-ce868b8d8a25f5120c49dc018b8fd1024aff6e12.gz

darcs-hash:20061104174349-9b6ab-74e7c5a3e7a14d12253d36a9d09a35866125a7ec.gz

darcs-hash:20061103160700-7ad00-01c7039c591ebdffcbe283984b23b2bb4ed4bc74.gz

This patch changes the DOKU_COOKIE define to be based on the DOKU_URL define.
DOKU_COOKIE is now used as session key as well, making sessions no longer
dependend on the title option. This should fix problems with multiple
wikis on the same host (using the same title) and wikis accessed through
different URLs.

darcs-hash:20061003121546-7ad00-aea4c256b7752815ed422ce74a659152a601d267.gz

darcs-hash:20060923203609-9b6ab-ecca679faa254a29772868508050fcf3206b0814.gz

actions which concern multiple pages (e.g. search, backlinks, recents)
end up repeatedly encoding the current user's name and groups. This
change caches the results of the encoding allowing them to be reused.

darcs-hash:20060923161206-9b6ab-a3ec8f1c2ec284d84b9ff85cba1e56165b2967a7.gz

This moves the defines for the different AUTH levels higher up in inc/auth.php
to set them before including any auth modules. This fixes a problem with the
phpBB auth module posted at
http://wiki.splitbrain.org/wiki:tips:integrate_with_phpbb#another_phpbb.class.php

darcs-hash:20060906184814-7ad00-679bd636730e21dca45b9baaf721fb3b34a8695a.gz

This patch updates only the english version of the localised
"registermail.txt" file.  Other versions need to be updated also.

darcs-hash:20060822072444-9b6ab-ff6cb5bc78277c383e82c3986eeb16168e86c27b.gz

- move parser.test.php

darcs-hash:20060809192115-9b6ab-973fea51fbfdcf5f44a2ac66000f2ccb5fdd43b4.gz

darcs-hash:20060805163147-7ad00-77e7d9cd88f012cd2ecc6275a574abde30f4a9be.gz

darcs-hash:20060805082442-9b6ab-8447755da8c66c5cfc3ee0df0f8bb97375a2a1ff.gz

darcs-hash:20060804142243-9b6ab-d208f7f1a67a9958fda05c519c8407ad5e733cea.gz

This patch changes the password reset function to a two-stage process.
After requesting a new password a confirmation email is sent first, only
if the link contained in this mail is used the password is changed for real.

This makes sure malicious people can't reset passwords for other users.

darcs-hash:20060714110548-7ad00-c1e23fd51cc2d2f16473914421ebe0f9c3b2ba8c.gz

This patch adds a config option to disable certain internal action commands of
DokuWiki's main dispatcher.

The options resendpasswd and openregister were removed because they can now set
through this new option.

The config plugin needs to be adjusted.

darcs-hash:20060702121622-7ad00-1e80e77bcfb0ae561fe7abd79cfbe1bb158be720.gz

A small patch for dokuwiki which enables dokuwiki to notify the
administrator about new user registrations

darcs-hash:20060615194419-022eb-51630aff3c6d93abc656742fc0bc723b93f97734.gz

darcs-hash:20060531191114-7ad00-ee7498f6a9e047fc9eda5f8754f85d9b8a3317d5.gz

If no credentials where given (either by form or former cookie) it is
checked if credentials from a former HTTP based authentication are
available. Those will be tried for login then.

This only works with PHP running as Apache module.

darcs-hash:20060507161224-7ad00-7ba0a6e871cf5319038e83672a2ff05ef23c124b.gz

darcs-hash:20060307192928-7ad00-1ec5393d63d536992810fe8f611525d2af4834a2.gz

darcs-hash:20060303180548-7ad00-db294c2c5c10c8df69ebae7596e64e1af4d9bc35.gz

Some auth backends allow special chars like whitespaces in user and group
names. This made problems with the existing ACL checks and ACL manager.
This patch makes the ACL system work with these cases by (url)encoding all
special chars below 128.

darcs-hash:20060302101850-6e07b-14bda9dbdb3528904325419b35bb9eddb0d1dde3.gz