Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.

The new COMMON_PAGE_FROMTEMPLATE is triggered by pageTemplate AFTER the template
has been read but before performing the template replacements.

darcs-hash:20091130135040-e4919-40b6614fe28ea07dc5796661ddda6d005264ddbc.gz

Ignore-this: b74163181c2e41d3be022a6185f3e1c1

darcs-hash:20091124115805-6e07b-e808cf44a00a65ff8c70cc7e8de4dfedadf96cbd.gz

Ignore-this: c34455078907459a846cf7f00e2b586b

darcs-hash:20091123161603-6e07b-927477d6ca50e665228487eb0d3ce9787dbe455b.gz

darcs-hash:20091201115019-e4919-fe83e3d69eb997d0c04064b46117690824fe4daf.gz

darcs-hash:20091119142845-e4919-5394617fd83d4de22673491b868f7040c25fb290.gz

Ignore-this: f43d3f070cfae4040e0e70648d0e541a
The XMLRPC backend will not trim whitespaces or newlines from string values
anymore.

darcs-hash:20091219151652-7ad00-94d6cb26ff6396e09f107cf09dccb5423680c5c9.gz

Ignore-this: c389f8d2428f3e0bba2d1c736ef9ee78

darcs-hash:20091128170811-7ad00-8ef06583981a7cdab32b96278590a5aa82cedb74.gz

Ignore-this: 517a7546aab86c5370cccf1aa2171490

Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.

XMLRPC is disabled by default.

darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz

Ignore-this: 76fa6cff9e537289d6c017faa7d48a52

darcs-hash:20091115153844-7ad00-137d4253cbd9fd2dab888c22a3170bd70b90958e.gz

Ignore-this: adff36f3e49963a6682b5faabf6cb63e

darcs-hash:20091115153119-7ad00-2c20c420faeea08c113a76acc05917621f361880.gz

Ignore-this: ffb20375a09483502d61241d76877a8d

darcs-hash:20091105213452-533a7-f09aca121cf24a8b6ad2d3448d058a846cb52182.gz

  Changes of behaviour are:
  * Allow the user name, title & description \e2\80\9c0\e2\80\9d
  * Default to Port 443 if using HTTPS
  * Set $INFO['isadmin'] and $INFO['ismanager'] to \e2\80\9cfalse\e2\80\9d even if no user is
    logged in
  * Do not pass empty fragment field in the event data for event
    ACTION_SHOW_REDIRECT
  * Handle chunked encoding in HTTPClient

darcs-hash:20091104100115-e4919-5cf6397d4a457e3f98a8ca49fbdab03f2147721d.gz

darcs-hash:20091028090548-e4919-00a3fec308ce29b5bac24ee1038081a3bc06f62f.gz

Ignore-this: 48f0da3ab0bf0178197b16e63143e1ca

darcs-hash:20091102130115-6e07b-d10e1c076791cdeb08b87ec76d6be8730228c8fb.gz

Ignore-this: 77e61d0082fe6eb8f43059fb5da67eee

darcs-hash:20091018203240-7ad00-4530a8b64af79bc844f50e3c0988e466fb09351c.gz

Ignore-this: bab31d8f21840cf36b3e6fbe9c0b1b63

darcs-hash:20091014112449-6e07b-c298b41cfee8940c01f515b399fcf1a2da0fb237.gz

Ignore-this: 7193cd788fee2c05a9068bf6edd5dc17

It is now possible to use the %f placeholder in $conf['dformat']
to add a fuzzy age string.

Template developers and plugin authors should replace their strftime +
$conf['dformat'] calls with calls to the new dformat() function.

Example:

   %Y/%m/%d %H:%M (%f) produces dates like this:

   2009/09/16 10:36 (3 weeks ago)

darcs-hash:20091007133614-6e07b-677108d1b43928ef8fd886813e43514507b5e073.gz

Ignore-this: 27ea52110bce929b2c61ed8faba67cfc

darcs-hash:20091016205526-c0bf4-35eba4e65d37980a667ba982f7f1ea5b7b07f01c.gz

Ignore-this: e25dcba3daa9d89efbeb1bfdfe0f24bb

darcs-hash:20091006201146-7ad00-ca35f4e0bd96cbe008fb77ae8391de2a74b9fc49.gz