diff -Naur dokuwiki-2010-11-07/data/deleted.files dokuwiki-2010-11-07a/data/deleted.files --- dokuwiki-2010-11-07/data/deleted.files 1970-01-01 01:00:00.000000000 +0100 +++ dokuwiki-2010-11-07a/data/deleted.files 2011-01-16 19:04:06.000000000 +0100 @@ -0,0 +1,242 @@ +# This is a list of files that were present in previous DokuWiki releases +# but were removed later. An up to date DokuWiki should not have any of +# the files installed +# A copy of this list is maintained at +# http://www.dokuwiki.org/install:upgrade#files_to_remove + + +# removed in 2010-11-07 +inc/lang/ar/subscribermail.txt +inc/lang/az/subscribermail.txt +inc/lang/bg/subscribermail.txt +inc/lang/ca/subscribermail.txt +inc/lang/ca-valencia/subscribermail.txt +inc/lang/cs/subscribermail.txt +inc/lang/da/subscribermail.txt +inc/lang/de-informal/subscribermail.txt +inc/lang/el/subscribermail.txt +inc/lang/eo/subscribermail.txt +inc/lang/es/subscribermail.txt +inc/lang/et/subscribermail.txt +inc/lang/eu/subscribermail.txt +inc/lang/fa/subscribermail.txt +inc/lang/fi/subscribermail.txt +inc/lang/fo/subscribermail.txt +inc/lang/fr/subscribermail.txt +inc/lang/gl/subscribermail.txt +inc/lang/he/subscribermail.txt +inc/lang/hr/subscribermail.txt +inc/lang/hu/subscribermail.txt +inc/lang/id/subscribermail.txt +inc/lang/is/subscribermail.txt +inc/lang/it/subscribermail.txt +inc/lang/ja/subscribermail.txt +inc/lang/ko/subscribermail.txt +inc/lang/ku/subscribermail.txt +inc/lang/lt/subscribermail.txt +inc/lang/lv/subscribermail.txt +inc/lang/mr/subscribermail.txt +inc/lang/ne/subscribermail.txt +inc/lang/nl/subscribermail.txt +inc/lang/no/subscribermail.txt +inc/lang/pl/subscribermail.txt +inc/lang/pt-br/subscribermail.txt +inc/lang/pt/subscribermail.txt +inc/lang/ro/subscribermail.txt +inc/lang/ru/subscribermail.txt +inc/lang/sk/subscribermail.txt +inc/lang/sr/subscribermail.txt +inc/lang/sv/subscribermail.txt +inc/lang/th/subscribermail.txt +inc/lang/tr/subscribermail.txt +inc/lang/uk/subscribermail.txt +inc/lang/zh/subscribermail.txt +inc/lang/zh-tw/subscribermail.txt + +# removed in rc2010-10-07 +conf/msg +inc/lang/bg/wordblock.txt +inc/lang/ca-valencia/wordblock.txt +inc/lang/ca/wordblock.txt +inc/lang/cs/wordblock.txt +inc/lang/da/wordblock.txt +inc/lang/de-informal/wordblock.txt +inc/lang/de/subscribermail.txt +inc/lang/de/wordblock.txt +inc/lang/el/wordblock.txt +inc/lang/en/subscribermail.txt +inc/lang/en/wordblock.txt +inc/lang/eo/wordblock.txt +inc/lang/es/wordblock.txt +inc/lang/et/wordblock.txt +inc/lang/eu/wordblock.txt +inc/lang/fa/wordblock.txt +inc/lang/fi/wordblock.txt +inc/lang/fo/wordblock.txt +inc/lang/fr/wordblock.txt +inc/lang/he/wordblock.txt +inc/lang/hr/wordblock.txt +inc/lang/hu/wordblock.txt +inc/lang/id/wordblock.txt +inc/lang/it/wordblock.txt +inc/lang/ja/wordblock.txt +inc/lang/ko/wordblock.txt +inc/lang/ku/wordblock.txt +inc/lang/lt/wordblock.txt +inc/lang/lv/wordblock.txt +inc/lang/mg/wordblock.txt +inc/lang/mr/wordblock.txt +inc/lang/nl/wordblock.txt +inc/lang/no/wordblock.txt +inc/lang/pl/wordblock.txt +inc/lang/pt-br/wordblock.txt +inc/lang/pt/wordblock.txt +inc/lang/ro/wordblock.txt +inc/lang/sk/wordblock.txt +inc/lang/sl/wordblock.txt +inc/lang/sr/wordblock.txt +inc/lang/sv/wordblock.txt +inc/lang/th/wordblock.txt +inc/lang/tr/wordblock.txt +inc/lang/uk/wordblock.txt +inc/lang/vi/wordblock.txt +inc/lang/zh-tw/wordblock.txt +inc/lang/zh/wordblock.txt +lib/scripts/pngbehavior.htc + +# removed in rc2009-12-02 +inc/lang/ar/wordblock.txt +inc/lang/ca-va/ +lib/plugins/acl/lang/ca-va/ +lib/plugins/config/lang/ca-va/ +lib/plugins/plugin/lang/ca-va/ +lib/plugins/popularity/lang/ca-va/ +lib/plugins/revert/lang/ca-va/ +lib/plugins/usermanager/lang/ca-va/ + +# removed in rc2009-01-30 +lib/plugins/upgradeplugindirectory +lib/plugins/upgradeplugindirectory/action.php + +# removed in rc2009-01-26 +inc/auth/punbb.class.php +inc/lang/ko/edit.txt_bak +inc/lang/ko/lang.php_bak +inc/lang/ku/admin_acl.txt +inc/lang/mg/admin_acl.txt +lib/plugins/importoldchangelog +lib/plugins/importoldchangelog/action.php +lib/plugins/importoldindex +lib/plugins/importoldindex/action.php +lib/plugins/usermanager/images/no_user_edit.png +lib/plugins/usermanager/images/user_edit.png +lib/tpl/default/UWEB.css + +# removed in rc2008-03-31 +inc/aspell.php +inc/geshi/css-gen.cfg +inc/lang/fr/admin_acl.txt +lib/exe/spellcheck.php +lib/images/toolbar/spellcheck.png +lib/images/toolbar/spellnoerr.png +lib/images/toolbar/spellstop.png +lib/images/toolbar/spellwait.gif +lib/plugins/acl/lang/ar/intro.txt +lib/plugins/acl/lang/bg/intro.txt +lib/plugins/acl/lang/ca/intro.txt +lib/plugins/acl/lang/cs/intro.txt +lib/plugins/acl/lang/da/intro.txt +lib/plugins/acl/lang/de/intro.txt +lib/plugins/acl/lang/el/intro.txt +lib/plugins/acl/lang/en/intro.txt +lib/plugins/acl/lang/es/intro.txt +lib/plugins/acl/lang/et/intro.txt +lib/plugins/acl/lang/eu/intro.txt +lib/plugins/acl/lang/fi/intro.txt +lib/plugins/acl/lang/fr/intro.txt +lib/plugins/acl/lang/gl/intro.txt +lib/plugins/acl/lang/he/intro.txt +lib/plugins/acl/lang/id/intro.txt +lib/plugins/acl/lang/it/intro.txt +lib/plugins/acl/lang/ja/intro.txt +lib/plugins/acl/lang/ko/intro.txt +lib/plugins/acl/lang/lt/intro.txt +lib/plugins/acl/lang/lv/intro.txt +lib/plugins/acl/lang/nl/intro.txt +lib/plugins/acl/lang/no/intro.txt +lib/plugins/acl/lang/pl/intro.txt +lib/plugins/acl/lang/pt/intro.txt +lib/plugins/acl/lang/ru/intro.txt +lib/plugins/acl/lang/sk/intro.txt +lib/plugins/acl/lang/sr/intro.txt +lib/plugins/acl/lang/sv/intro.txt +lib/plugins/acl/lang/tr/intro.txt +lib/plugins/acl/lang/uk/intro.txt +lib/plugins/acl/lang/vi/intro.txt +lib/plugins/acl/lang/zh/intro.txt +lib/plugins/acl/lang/zh-tw/intro.txt +lib/scripts/spellcheck.js +lib/styles/spellcheck.css + +# removed in 2007-06-26 +inc/parser/wiki.php +lib/images/interwiki/bug.gif +lib/plugins/base.php +lib/plugins/plugin/inc +lib/plugins/plugin/inc/tarlib.class.php +lib/plugins/plugin/inc/zip.lib.php +lib/scripts/domLib.js +lib/scripts/domTT.js + +# removed in 2006-11-06 +inc/admin_acl.php +inc/lang/lt/stopwords.txt +inc/magpie +inc/magpie/rss_cache.inc +inc/magpie/rss_fetch.inc +inc/magpie/rss_parse.inc +inc/magpie/rss_utils.inc +lib/exe/media.php +lib/tpl/default/mediaedit.php +lib/tpl/default/media.php +lib/tpl/default/mediaref.php + +# removed in 2006-03-09 +data/pages/wiki/playground.txt +inc/auth/ldap.php +inc/auth/mysql.php +inc/auth/pgsql.php +inc/auth/plain.php +inc/lang/ca/admin_acl.txt +inc/lang/cs/admin_acl.txt +inc/lang/da/admin_acl.txt +inc/lang/de/admin_acl.txt +inc/lang/en/admin_acl.txt +inc/lang/et/admin_acl.txt +inc/lang/eu/admin_acl.txt +inc/lang/fr/admin_acl.txt +inc/lang/it/admin_acl.txt +inc/lang/ja/admin_acl.txt +inc/lang/lt/admin_acl.txt +inc/lang/lv/admin_acl.txt +inc/lang/nl/admin_acl.txt +inc/lang/no/admin_acl.txt +inc/lang/pl/admin_acl.txt +inc/lang/pt/admin_acl.txt +inc/lang/vi/admin_acl.txt +inc/lang/zh-tw/admin_acl.txt +inc/parser/spamcheck.php +lib/images/favicon.ico +lib/images/thumbup.gif +lib/images/toolbar/code.png +lib/images/toolbar/empty.png +lib/images/toolbar/extlink.png +lib/images/toolbar/fonth1.png +lib/images/toolbar/fonth2.png +lib/images/toolbar/fonth3.png +lib/images/toolbar/fonth4.png +lib/images/toolbar/fonth5.png +lib/images/toolbar/list.png +lib/images/toolbar/list_ul.png +lib/images/toolbar/rule.png +lib/tpl/default/images/interwiki.png diff -Naur dokuwiki-2010-11-07/doku.php dokuwiki-2010-11-07a/doku.php --- dokuwiki-2010-11-07/doku.php 2010-11-07 17:43:03.000000000 +0100 +++ dokuwiki-2010-11-07a/doku.php 2011-01-16 19:04:09.000000000 +0100 @@ -7,7 +7,7 @@ */ // update message version -$updateVersion = 29; +$updateVersion = 30; // xdebug_start_profiling(); diff -Naur dokuwiki-2010-11-07/inc/auth.php dokuwiki-2010-11-07a/inc/auth.php --- dokuwiki-2010-11-07/inc/auth.php 2010-11-07 17:43:03.000000000 +0100 +++ dokuwiki-2010-11-07a/inc/auth.php 2011-01-16 19:04:09.000000000 +0100 @@ -536,13 +536,13 @@ //still here? do the namespace checks if($ns){ - $path = $ns.':\*'; + $path = $ns.':*'; }else{ - $path = '\*'; //root document + $path = '*'; //root document } do{ - $matches = preg_grep('/^'.$path.'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); + $matches = preg_grep('/^'.preg_quote($path,'/').'\s+('.$regexp.')\s+/'.$ci,$AUTH_ACL); if(count($matches)){ foreach($matches as $match){ $match = preg_replace('/#.*$/','',$match); //ignore comments @@ -559,9 +559,9 @@ //get next higher namespace $ns = getNS($ns); - if($path != '\*'){ - $path = $ns.':\*'; - if($path == ':\*') $path = '\*'; + if($path != '*'){ + $path = $ns.':*'; + if($path == ':*') $path = '*'; }else{ //we did this already //looks like there is something wrong with the ACL diff -Naur dokuwiki-2010-11-07/lib/exe/xmlrpc.php dokuwiki-2010-11-07a/lib/exe/xmlrpc.php --- dokuwiki-2010-11-07/lib/exe/xmlrpc.php 2010-11-07 17:43:04.000000000 +0100 +++ dokuwiki-2010-11-07a/lib/exe/xmlrpc.php 2011-01-16 19:04:09.000000000 +0100 @@ -289,6 +289,7 @@ * Return a raw wiki page */ function rawPage($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -344,6 +345,7 @@ * Return a wiki page rendered to html */ function htmlPage($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -481,6 +483,7 @@ * Return some basic data about a page */ function pageInfo($id,$rev=''){ + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } @@ -583,6 +586,7 @@ * Michael Klier */ function putAttachment($id, $file, $params) { + $id = cleanID($id); global $conf; global $lang; @@ -650,6 +654,7 @@ * @author Gina Haeussge */ function deleteAttachment($id){ + $id = cleanID($id); $auth = auth_quickaclcheck(getNS($id).':*'); if($auth < AUTH_DELETE) return new IXR_ERROR(1, "You don't have permissions to delete files."); global $conf; @@ -707,6 +712,7 @@ * Returns the permissions of a given wiki page */ function aclCheck($id) { + $id = cleanID($id); return auth_quickaclcheck($id); } @@ -716,13 +722,14 @@ * @author Michael Klier */ function listLinks($id) { + $id = cleanID($id); if(auth_quickaclcheck($id) < AUTH_READ){ return new IXR_Error(1, 'You are not allowed to read this page'); } $links = array(); // resolve page instructions - $ins = p_cached_instructions(wikiFN(cleanID($id))); + $ins = p_cached_instructions(wikiFN($id)); // instantiate new Renderer - needed for interwiki links include(DOKU_INC.'inc/parser/xhtml.php'); @@ -830,6 +837,10 @@ * @author Michael Klier */ function pageVersions($id, $first) { + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_READ){ + return new IXR_Error(1, 'You are not allowed to read this page'); + } global $conf; $versions = array(); @@ -905,7 +916,8 @@ $unlockfail = array(); foreach((array) $set['lock'] as $id){ - if(checklock($id)){ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || checklock($id)){ $lockfail[] = $id; }else{ lock($id); @@ -914,10 +926,11 @@ } foreach((array) $set['unlock'] as $id){ - if(unlock($id)){ - $unlocked[] = $id; - }else{ + $id = cleanID($id); + if(auth_quickaclcheck($id) < AUTH_EDIT || !unlock($id)){ $unlockfail[] = $id; + }else{ + $unlocked[] = $id; } } diff -Naur dokuwiki-2010-11-07/VERSION dokuwiki-2010-11-07a/VERSION --- dokuwiki-2010-11-07/VERSION 2010-11-07 17:43:04.000000000 +0100 +++ dokuwiki-2010-11-07a/VERSION 2011-01-16 19:04:09.000000000 +0100 @@ -1 +1 @@ -2010-11-07 "Anteater" +2010-11-07a "Anteater"