Ignore-this: c5eb865293d3f28cdf3bcb18f942f323

darcs-hash:20090130093753-7ad00-c269f5cd90eaf959fc46d3ad1c5e3a8b26df44d2.gz

Ignore-this: 7c662f92b5b2a94faf57c4c716dada3a

darcs-hash:20090126174421-7ad00-ce2c5ec1353f774e7bbeaf358117f68e7df2a32b.gz

darcs-hash:20090116233507-f7d6d-aaff15652d2e698a4403b3386b5b1eb6c0fa38f3.gz

With this patch it is possible to define if a file should be served as download
or be displayed inside the browser (if supported) by configuring it in
conf/mime.conf

Mimetypes that should be served with a "Content-Disposition: attachment" header
need to be prefixed with a exclamation mark. All others will be served inline.

This will also fix a Problem with Flash 10.

darcs-hash:20081202210322-7ad00-6e7ef30aff9322cd135311be77809187da121f3b.gz

darcs-hash:20081012155022-2b4f5-177571b9b176bb822015623b62b4d35b98a93d7b.gz

darcs-hash:20081012144253-23886-c904f82c559c3ad5477bf921e93cb439a212134d.gz

darcs-hash:20081012113150-7ad00-6408da058bdb6c923159d445e03b76f54b579362.gz

darcs-hash:20081011190300-23886-3d5d5e2d1774a802ce9da841812a8838b2945d86.gz

We now handle this through our own plugin

darcs-hash:20081010200648-7ad00-f7c94c2d4e7f099c5a9d7e5381423c67e306d73a.gz

At present, DW shows the username on the bottom left under "logged in as", and the login name for "last modified", "locked by" and under
revisions/recent changes. In a corporate environment, particularly when integrated with a Single Sign-On system, the login name may be somewhat
unfriendly. This patch makes the "logged in as" the same as the value used elsewhere and also allows an admin to decide whether it should be the
login name, username or e-mail address that is displayed. The e-mail address may also, optionally, be a mailto: link. E-mail addresses are
obfuscated according to the 'mailguard' setting. The default behaviour is to show the login name which is no change from previous behaviour for the
"last modified"/"locked by"/revisions/"recent changes", but is a change for the "logged in as".

darcs-hash:20081001152914-6ad63-9cd7174068ac55de381f1318a4401f8c51de5b0c.gz

This patch adds the httponly option to the PHP session cookies and DokuWiki's
auth cookie when supported by the PHP version.

It also adds a new config option 'securecookie' which is enabled by default.
It makes sure the browser will not sent a cookie set via HTTPS over a
non-secured connection. This option has to be disabled for wikis that only
protect the login with SSL but not the whole wiki.

darcs-hash:20080912224922-7ad00-d5275147ba9d17a9f6defa8a51ca720da74ba8a0.gz

darcs-hash:20080815134211-f7d6d-61f4f4fa1c5f62832d7cc5ad3e3a7a78460d2981.gz

The official wiki is now at www.dokuwiki.org

darcs-hash:20080810173029-7ad00-fbd35921ff3c2c5557f33750bedd4553b0abdd70.gz

darcs-hash:20080727180710-7ad00-efa9dfa1021e8e5580e28f0d6b791f63296138d8.gz

darcs-hash:20080505170542-7ad00-93a5ef64ba6eacceecf37921699a63286b02ee48.gz

darcs-hash:20080504185355-7ad00-c8ac1fa6a50a4226ef17bf7dd8b34065c177276e.gz

darcs-hash:20080411141012-7ad00-b375248f86301812f1a56758ff2b9e89dea0d19c.gz

darcs-hash:20080331180649-7ad00-a38029f32d12ab21506ca4ccf3c36f55eaa12962.gz

This patch is the fourth in a series aimed at making it easier for DW to allow
plugins to modify the standard handling of line-breaks.

It adds:
- new config setting 'renderer_xhtml', default value 'xhtml'
- new renderer method 'reset()' which is used by reusable renderers when used
  to render second and subsequent data. (*)

An extra step has been added to the renderer selection process.
- check $conf["renderer_$mode] for renderer name.  If it doesn't exist use $mode as
  the renderer name.

(*) It maybe that the 'document_start()' method can be used for this.  However the
current xhtml does not correctly reset itself for reuse.

darcs-hash:20080312005647-f07c6-ff2cb960c05927f5c6f3e916a364fcad470c2ce3.gz

darcs-hash:20080227213050-23886-e55353ab04f9d23675ec11a9e97ba6affec719fc.gz

This patch allows $conf['superuser'] and $conf['manager'] to be lists
of values instead of only a single value. So one can put:

  $conf['superuser']

darcs-hash:20080227142515-19e2d-c160914589f71531583e7ddaab1fc6a81996efa1.gz

This patch replaces the use of the date() function with the strftime()
function. The latter will respect a set locale and will use localized
strings for things like month names.

Because the format options for strftime differ from the ones used in date,
DokuWiki will rest the value of $conf['dformat'] if it contains an old
date format string (detected by missing % characters).

Plugins or templates using the $conf['dformat'] need to be updated.

darcs-hash:20080223124045-7ad00-6afb2b839afc58781463e25577e06adb675fff79.gz

darcs-hash:20080118230312-23886-acd8758fc95eb64788533feca4afd5fbb207c290.gz

With spell checkers available in all modern browsers, having a spell checker in
DokuWiki's core code is no longer necessary. This patch removes the spell
checking feature. It will be made available as optional plugin.

darcs-hash:20071123125840-7ad00-faf7aa4673421dbb3fad904ba5b46b4927a5176d.gz

This patch enables the use of the X-Sendfile extension offered by certain
webservers to deliver static files after running a dynamic script. This
combines the flexibility of a PHP file to check for authorization, caching
and resizing with the low memory footprint and high performance of static
file delivery of the webserver.

See http://blog.lighttpd.net/articles/2006/07/02/x-sendfile for details

darcs-hash:20071008185019-7ad00-1e6d4768fb60d58955e4253c7786eaf8cf13d0bb.gz

darcs-hash:20070719122538-7ad00-6c49f72bc490f27718d25f105fd762982631bd7b.gz

darcs-hash:20070718110715-7ad00-5b3ca5a70447306ca92c3a35b9d13dd0cf7afa7a.gz

The feed now can export diff views (unified and HTML) as well as full HTML
page content.

Some things might be broken. Everybody please test it!

darcs-hash:20070711213624-7ad00-49359417127fdbd6e31374738509110271b6b351.gz

darcs-hash:20070626182517-7ad00-eedd1d5d52954076d4518235772e6199233d93c2.gz

darcs-hash:20070626173537-7ad00-8a6d2b90ef9413556f8d6dbb6ac2e65619616c48.gz

Because correct smart quote parsing with regular expressions is nearly
impossible, especially when dealing with quote usage in languages different
from english, the typography configuration option was changed.

0 means to completely disable any typography replacements
1 will only handle the multiply entitity and double quotes, this should
  nearly always work without problems and is the new default
2 will add singlequote parsing. This might break because single quotes and
  apostrophes are not always easily distinguishable. Especially in languages
  where single quote openings and apostrophes are different characters you
  might experience problems. For english it should nearly always work.

darcs-hash:20070613184015-7ad00-0cebc3f807f54467d54458075c5c9f651355c5ba.gz

This fix adds a new configuration setting, 'auth_security_timeout', which controls the duration (seconds) before authentication
information is rechecked.  The default value is set to 900 seconds (15 minutes). Wiki installations particularly concerned
about security should set this value to 0.

DokuWiki maintains a copy of the most recent authentication details in both a browser cookie and server session.  Normally these
values are compared on each page visit.  If the comparison passes the user is accepted. The same data will be used over and
over until either the cookie or the session expires.  FS#1085 is concerned with updates to the original authentication data not
being able to affect this comparison.  The new 'auth_security_timeout' setting will force expiration of the saved data after the
specified period has elapsed.

Re-authentication may affect page response, especially on systems which use remote authentication systems.

This fix is considered partial and should be reviewed after the next release with a view to extending the authentication class
to allow those mechanisms which are able to control when DW should revoke authentication.

darcs-hash:20070528194747-d26fc-f471004da604eb66f7131c470e446b98c29d801b.gz

darcs-hash:20070524172905-7ad00-a3635da93981b1cc6063143b6a4c2883fb0fe8b9.gz

This disables the last patch and adds an option to enable it on demand.

darcs-hash:20070511200235-7ad00-a3ea769bc4965710b7fd261d31e2c9f8a3d9d7f5.gz

darcs-hash:20070411194508-7ad00-e0373de561bdd3c5154a4fc230a143be0e6f8699.gz

darcs-hash:20070330225252-d5083-cc2f5e0ad8e5073c10e69d6ba5fa192468a0f1f5.gz

darcs-hash:20070226175529-7ad00-4d3d984da1edbf2ded546cfbd7374f97f032d032.gz

darcs-hash:20070224144211-7ad00-fc0695dc9290bd5d4192eb9d76ba3cafa2125d8f.gz

darcs-hash:20070224131623-7ad00-cd82685db94b50be942a6d71293010aa8fdabdfa.gz

Following the problem with IE's mimetype handling described at
http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
this patch adds a new option (on by default) to check the first 256
bytes of uploaded files against a list of a few HTML tags and denies
the upload of such a file. In rare occasions this may block harmless
and valid files, but that's price we have to pay for Microsoft's
stupidity.

Users who need HTML uploads should disable this check. (Don't do that on
open Wikis!)

darcs-hash:20070224124458-7ad00-0ced616d06f563515b36a0a6871b5ba50229c946.gz