Documentation update.

git-svn-id: svn://pmwiki.org/pmwiki/trunk@4749 524c5546-5005-0410-9a3e-e25e191bd360
author: petko <petko@524c5546-5005-0410-9a3e-e25e191bd360> 2024-07-31 13:52:27 +0000
committer: petko <petko@524c5546-5005-0410-9a3e-e25e191bd360> 2024-07-31 13:52:27 +0000
commit: 7ad14c4b20c2385e6b6352febcb5b927307afaf5 (patch)
tree: 1864291f04ea7c55e99c3dad5b2fa50e809818e6 /wikilib.d
parent: 0e14bed10d95dcbb0f5fa481415aba724f662a8d (diff)
download: pmwiki.svn-7ad14c4b20c2385e6b6352febcb5b927307afaf5.tar.bz2
2 files changed, 11 insertions, 11 deletions
diff --git a/wikilib.d/PmWiki.ChangeLog b/wikilib.d/PmWiki.ChangeLog
index a5e326ab..332d3fc5 100644
--- a/wikilib.d/PmWiki.ChangeLog
+++ b/wikilib.d/PmWiki.ChangeLog
@@ -1,9 +1,9 @@
 version=pmwiki-2.3.35 ordered=1 urlencoded=1
 author=Petko
 charset=UTF-8
-csum=Add $TROEPatterns. (+21)
+csum=Update for PHP 8 (PITS:01510) (+32)
 name=PmWiki.ChangeLog
-rev=1868
-targets=Cookbook.RecentChanges,PmWiki.MailingLists,PmWiki.Subversion,PmWiki.LayoutVariables,Cookbook.DragDropMultiUpload,PmWiki.EditVariables,PITS.01507,PITS.01502,PmWiki.UploadVariables,PmWiki.OtherVariables,PITS.01499,PITS.01498,PmWiki.WikiStyles,PITS.01497,Cookbook.DarkColorScheme,PmWiki.LinkVariables,Cookbook.PmSyntax-Talk,PmWiki.Notify,PITS.01431,PITS.01495,PITS.01493,PmWiki.PagelistVariables,PITS.01494,Cookbook.FuseEdit,PmWiki.BasicVariables,PmWiki.SecurityVariables,PITS.01488,PITS.01489,Cookbook.SectionEdit,PITS.01486,PITS.01297,PITS.01485,Cookbook.EditHelp,PITS.01484,PITS.01208,PITS.01483,PITS.01480,PmWiki.PageVariables,PITS.01478,PITS.01477,Cookbook.PmSyntax,Cookbook.CustomSyntax,PITS.01418,PITS.00447,PITS.01475,PITS.00908,PITS.01095,PmWiki.ChangeLogArchive
-text=(:Summary: Log of changes made to PmWiki by [[Release(Notes)]]:)\%0aSee [[Cookbook:RecentChanges | the cookbook recent changes page]] for additional updates and activity by other developers, or join the [[PmWiki (/) mailing lists]] to discuss feature development with us.%0a%0a(:Prerelease:Changes made to the [[PmWiki:Subversion | subversion pre-release]] of PmWiki. You can get \%0a[[https://www.pmwiki.org/pub/pmwiki-devel/pmwiki-latest-svn.zip|a full ZIP archive]] of the nightly version, or \%0a[[https://www.pmwiki.org/pub/pmwiki-devel/pmwiki-nightly.zip|a partial export]] with only the files changed since {$Version}.:)\%0a{$:Prerelease}%0a%0a(:comment PosArgs and $MessagesFmt were released in 2.3.34 but are undocumented and may change, so I'll announce about them in the next version:)%0a* Add helper function PosArgs($args, $posnames).%0a* Refactor $MessagesFmt to allow nested arrays with keys and %25pmhlt%25 [@(:messages key=a,b:)@]%25%25 that can be set from recipes.%0a* Add $EnableUploadDrop based on Cookbook:DragDropMultiUpload.%0a* Add $TROEPatterns.%0a[[#svn-revision-4745]]%0a* Update documentation.%0a%0a!!! Version 2.3.35 (2024-07-07) [[#v2335]]%0a* PmSyntax [@(:comment ...:)@] add required space; add [@(:input defaults ...:)@] (with "s"). %25item pmhlt%25%0a* Enable highlighted source with ?action=source&highlight=1.%0a* Update default sidebar, https links, PITS and Mailing lists in conditional.%0a* Remove upload extensions "svg", "svgz", "htm", "html", "css", "swf", "fla", "epub", and files with no extension. Fix mime types for "wmf", "psd".%0a* Fix page title could accidentally include raw HTML.%0a* Update documentation.%0a%0a!!! Version 2.3.34 (2024-05-27) [[#v2334]]%0a* Delete wikilib.d/PmWiki.PerGroupCustomizations (unused redirect), content moved to GroupCustomizations 14 years ago.%0a* RecipeCheck remove table width attribute (suggested by Simon).%0a* Add %25pmhlt%25[@(:if action browse,edit:)@] conditional.%0a* $GUIButtons remove invalid elements (warning reported by Simon).%0a* phpdiff.php fix for PHP 8 when saving new pages (reported by Simon).%0a* Responsive skin: remove old CSS declarations like @-moz-keyframes (PITS:01507).%0a* Add upload extension 'm4a'.%0a* Update documentation.%0a%0a!!! Version 2.3.33 (2024-04-21) [[#v2333]]%0a* $EnablePreviewChanges to show "%25diffadd%25No changes%25%25" if there are no changes.%0a* PmSyntax add rules for colored pagenames and URLs inside bracket links.%0a* Responsive skin hide dropdown icons from printing.%0a* Fix some cases with conditional markup and markup expressions where an empty code could be evaluated (suggested by Goodguy00).%0a* Add $HTMLTitleFmt (PITS:01502).%0a* Cache auth conditional results for %25pmhlt%25[@(:if auth level:)@].%0a* Update blocklist.php for PHP 8, reported by Foster Schucker.%0a* Update documentation.%0a%0a!!! Version 2.3.32 (2024-03-24) [[#v2332]]%0a* Dark theme: add toggleImages(), add $ImgDarkSuffix, $FmtV['$PathUpload']. Restore light styles and pictures for printing.%0a* Responsive skin: white background when printing, move dark toggle label styles into skin.css.%0a* PmSyntax: only apply dark theme colors on screen (not print).%0a* Add upload extensions and image extension patterns AVIF, AVIFS.%0a* Lock AllRecentChanges in case of concurrent uploads.%0a* FileSizeCompact() allow for base 1000 (PITS:01499).%0a* Update documentation.%0a%0a!!! Version 2.3.31 (2024-02-23) [[#v2331]]%0a* Add $EnableDarkThemeToggle, enable 3-way theme toggle, "Light", "Dark" and "Auto", add annotation tooltip showing the current theme on tap and on mouse over.%0a* Refactor config data passed to pmwiki-utils.php, refactor dark toggle functions into a separate script. %0a* Responsive skin add body attributes for group and page name, update dark theme, enable auto theme (browser preferences) by default.%0a* PmSyntax improve dark theme thanks to a script by Said Achmiz; expose color properties for reuse.%0a* Refactor redirect quiet (PITS:01498).%0a* Page attributes passwords form: allow for +addition and -removal of passwords, users, groups.%0a* Allow $EditTemplatesFmt entries to apply to specific pages with name= specification (suggested by Simon).%0a* Forms add attribute "form".%0a* Refactor $PostConfig to allow called functions to update it.%0a* Update RecipeCheck to also list skins, suggested by Simon.%0a* Refactor PrintFmt, add $EnablePrePrintFmt.%0a* [[WikiStyles]] add 'columns'.%0a* When Highlight.js is enabled, Vardoc links will be the same color as variables in highlighted code blocks.%0a* Refactor $EnableUploadVersions.%0a* Update documentation.%0a%0a!!! Version 2.3.30 (2024-01-22) [[#v2330]]%0a* Add prototype for dark theme toggle. See PITS:01497 and Cookbook:DarkColorScheme.%0a** PmWiki-responsive skin converted CSS colors to variables, added dark theme styles.%0a** Add skins/pmwiki/pmwiki-32.svg, enable default for $PageLogoUrl.%0a** PmSyntax added dark theme styles.%0a* $EnableUploadMimeMatch with Fileinfo not enabled to deny uploads.%0a* upload.php fix warning for PHP 8.%0a* RecipeCheck use https, suggested by Simon.%0a* PrintDiff() add $since argument.%0a* Add $EnableRedirectQuiet = 2. Prevent infinite redirect loops.%0a* Fix Attach: links with escaped path and filename.%0a* Improved readability for inline diffs in page history.%0a* Forms enable input e_author not only for action=edit, fix unquoted positional form action URL.%0a* Update documentation.%0a%0a!!! Version 2.3.29 (2023-12-18) [[#v2329]]%0a* Fix urlapprove.php for PHP 8.2. %0a* PmSyntax textarea remove styles for width, height (Cookbook:PmSyntax-Talk), allow for fractional dimensions of the highlighted area.%0a* $MarkupDirectiveFunctions allow dashes in attribute names.%0a* Update documentation.%0a%0a!!! Version 2.3.28 (2023-11-27) [[#v2328]]%0a* Add input ''month'' and ''color'' fields.%0a* Add $NotifyRelatedTrailFmt.%0a* Reverse simpletable row backgrounds when there is a thead element.%0a* Fix pmwiki-utils.js when window.localStorage is disabled.%0a* UrlApprovals allow https: URLs if the http: URL for the same domain has been approved (PITS:01431).%0a* Update documentation.%0a%0a!!! Version 2.3.27 (2023-10-23) [[#v2327]]%0a* When merging last edit, if there is no change summary, reuse the last one. %0a* Keep unknown date/time formats for undefined timezone (PITS:01495).%0a* DiffRenderSource() fix for PHP 8, keep ins/del tags on the same line.%0a* The ".diffmarkup" element now has the style "white-space: pre-wrap".%0a* Add new keyword shortcuts Ctrl+B (bold), Ctrl+I (italic), Ctrl+K (link/unlink).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.26 (2023-09-28) [[#v2326]]%0a* Add configurable $InputLabelFmt snippet (PITS:01493).%0a* Add configurable $TrailFmt snippets.%0a* Add $EnableSearchAtLeastOneTerm, default disabled.%0a* Unset upload extensions if size for the extension is set to 0.%0a* Update feeds.php for PHP 8.2 (PITS:01494).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.25 (2023-07-29) [[#v2325]]%0a* Updates for PHP 8.2.%0a* Fix pagelist when 2+ directives on the same line, reported by Simon.%0a* Fix possible bug with internal group(header|footer) directives caused by PRR().%0a* Update documentation.%0a%0a%0a!!! Version 2.3.24 (2023-06-06) [[#v2324]]%0a* Add $EnableUploadMimeMatch.%0a* Add $EnableMergeLastMinorEdit, edit functions MergeLastMinorEdit (based on Cookbook:FuseEdit), SaveChangeSummary (refactored out of HandleEdit).%0a* Fix LogoutCookies() doesn't use a $pagename argument.%0a* PmForm add condition 'validemail' for use in template require.%0a* Add $PmCryptAlgo, pmcrypt() to call password_verify() if it exists. %0a* Refactor HandleDownload() split ServeDownload($filepath, $upname).%0a* Add InsertEditFunction($newfn, $where='%3cPostPage').%0a* Add $AuthFormRespCode.%0a* Add $EnableDownloadRanges, default 1.%0a* When the token is expired, reopen edit form rather than abort.%0a* LocalTimes add $EnableRCListLastEdit.%0a* Update documentation.%0a%0a!!! Version 2.3.23 (2023-05-03) [[#v2323]]%0a* Refactor pmtoken() to use session tokens, enable for core actions.%0a* Add %25pmhlt%25[@(:input pmtoken:)@] helper.%0a* PmForm add $PmFormEnablePmToken.%0a* Refactor @@HandleLogoutA()@@ split @@LogoutCookies()@@. %0a* Fix PRCB() for PHP %3c 7.4.%0a* Update documentation.%0a%0a!!! Version 2.3.22 (2023-04-06) [[#v2322]]%0a* Add scripts/pmform.php, Site.PmFormTemplates.%0a* FmtDateTimeZ() can now accept Unix timestamps.%0a* Pagelists fix bug with multiple category=+A,+B entries.%0a* Update for PHP 8.1 (PITS:01488).%0a* MarkupDirectiveFunctions will now cast numeric arguments to floats.%0a* Prevent errors in custom PageVariables from generating internal server errors (PITS:01489).%0a* Improve inline diff for rare cases (end of page).%0a* Forms/buttons with @@data-pmconfirm="Question"@@ will ask the question before they are submitted.%0a* Update documentation.%0a%0a%0a!!! Version 2.3.21 (2023-03-06) [[#v2321]]%0a* Add $IsPmArchive, $PmArchiveDir.%0a* Sortable tables with %3ctime datetime=""> elements can be sorted by the datetime attribute. Fix for tables with preexisting %3cthead> element.%0a* Updates for PHP8.%0a* Add CSV upload extension.%0a* LocalTimes add mode=3 to show old dates as MM'YY.%0a* Fix bug with multiline $MarkupDirectiveFunctions, reported by Antti Tikanm&auml;ki.%0a* Add $EnableCopyCode and Copy code button to %3cpre> blocks, suggested by Alex Dor&eacute;.%0a* Update PmTOC to work better with Cookbook:SectionEdit.%0a* Update documentation.%0a%0a!!! Version 2.3.20 (2023-02-12) [[#v2320]]%0a* Fix undefined variable warning, reported by Gregor Klari&ccaron;.%0a%0a!!! Version 2.3.19 (2023-02-11) [[#v2319]]%0a* Only set cookie params if headers not sent. %0a* Update for PHP8.2, reported by Dfaure. PageVar() update for PHP 8.%0a* Add variable $DiffPrepareInlineFunction.%0a* PageListCache() remove unused global $PageIndexFile.%0a* Add configurable $LocalCSSDir, $LocalCSSDirUrl.%0a* DownloadUrl() add $FmtV['$LinkDownload'] with current or future download link.%0a* Add pm_recode() helper function (based on PageStore::recodefn), check for more transcode options.%0a* HandleBrowse() add $FmtV['$PageSourceText'].%0a* Add helper function KeepBlock().%0a* Add $FarmPubDirPrefix, pm_servefile(), $ServeFileExts.%0a* Update documentation.%0a%0a!!! Version 2.3.18 (2023-01-15) [[#v2318]]%0a* Refactor scripts/utils.php, add pm_json_encode() (PITS:01486).%0a* EditAutoText() fix for lines ending with multiple backslashes.%0a* PmSyntax optimize/refactor for large pages (cont.), fix inline escaped texts could ignore line markups, add EnableStopwatch.%0a* Notify fix typo in regular expression.%0a* {-Add $EnableUploadVersions >=10 to rename base.ext to base-1.ext, base-2.ext,...-} ''Redesigned in 2.3.31''%0a* CondAuth() fix bug with global $AuthList.%0a* Add helper function PRCB() for simpler preg_replace_callback passing variables.%0a* Update scripts/refcount.php for PHP 8, reported by George Murray.%0a* Add PageVariable $PageLogoUrl (PITS:01297).%0a* Update documentation.%0a%0a!!! Version 2.3.17 (2022-12-17) [[#v2317]]%0a* WikiStyles trim class names (PITS:01485).%0a* GUIEditButtons refactor to enable Undo in textarea; allow for custom functions to configure mopen, mclose, and unselect for their buttons.%0a* [[Cookbook:EditHelp|EditHelp]] refactor to allow undo; add shortcuts Ctrl+L convert selection to lowercase, Ctrl+Shift+L to uppercase, Ctrl+Shift+ArrowUp and ArrowDown to swap lines.%0a* Skip upgrade check if $EnableReadOnly.%0a* Fix bug with multiple $MarkupDirectiveFunctions.%0a* Add $EnableBaseNameConfig.%0a* PmSyntax optimize for larger pages (cont.).%0a* Input password add class "inputbox" like the other fields.%0a* CondAuth() added way to check for usergroup permissions.%0a* Update in pagelist.php for PHP 8.%0a* Documentation update.%0a%0a!!! Version 2.3.16 (2022-11-28) [[#v2316]]%0a* Class PPRC add generic callbacks.%0a* IncludeText() update for PHP 8, reported by V.Krishn.%0a* WikiStyle add 'overflow', 'notoc'.%0a* Add PmNonce().%0a* PmTOC update indented link style->classname. %0a* Responsive skin: replace %25pmhlt%25[@[[%3c%3c]]@] with %25hlt html%25[@%3cbr class='clearboth' />@], update PmTOC styles.%0a* $EnableListIncludedPages use class name instead of style. %0a* guiedit.js remove unneeded style.%0a* PmSyntax realign font for nested programming languages in the edit form, optimize for large pages.%0a* Only call session_status() if function exists.%0a* Edit form remove unsafe-inline script.%0a* Revert WikiStyleToClassName(), PrePrintFmt() -- need more work (PITS:01484).%0a* Documentation update.%0a%0a!!! Version 2.3.15 (2022-11-21) [[#v2315]]%0a* CSS pre, code relative/scalable font-size (pmwiki-responsive skin).%0a* PmSyntax add variable --pmsyntax-fontsize-editform and split from --pmsyntax-fontsize [[https://www.pmichaud.com/pipermail/pmwiki-users/2022-November/064936.html|#]].%0a* PmSyntax fix [@[[Highlight]]@] label font size and family (reported by Hans).%0a* Add variable $CookieSameSite default to 'Lax'%0a* Add argument $samesite to pmsetcookie(), default to $CookieSameSite, refactor for old and new PHP versions. %0a* Add function pm_session_start() respecting local configuration.%0a* CSP header add base-uri=self; object-src 'none'.%0a* Add $HTTPHeaders['XSSP'] = 'X-XSS-Protection: 1; mode=block'.%0a* Rewrite GUIButtons logic to avoid unsafe-inline JavaScript.%0a* Refactor WikiStyles, replace inline styles with class names to avoid unsafe-inline CSS.%0a* Refactor PQA(), tables, cells, to replace inline style="..." with class names to avoid unsafe-inline CSS.%0a* Add PrePrintFmt(), refactor PrintFmt(), PrintSkin() to process wiki pages, skin parts, and skin functions to HTML before outputting headers.%0a* Fix XSS vulnerability.%0a* Documentation update.%0a%0a!!! Version 2.3.14 (2022-11-03) [[#v2314]]%0a* Searchbox also escape custom field names.%0a* Prevent double-encoded entities in searchbox (reported by Simon).%0a* Trim $Author (PITS:01208).%0a* Replace autofocus inline JavaScript with attributes.%0a* Edit form: the label next to the "Minor edit" checkbox now toggles the checkbox.%0a* PmSyntax recognize %25pmhlt%25[@(:template requires? ...:)@].%0a* Update for PHP 8. %0a* Obsolete PCCF() from PHP 7.2 not 8.0.%0a* Add array $ObsoleteMarkups, function TraceMarkup(), update Markup(), Markup_e() and ObsoleteMarkup(), to retrieve and show files and line numbers for obsolete/disabled markup rules.%0a* Fix bug with PSFT format %25L.%0a* Update documentation.%0a%0a!!! Version 2.3.13 (2022-10-07) [[#v2313]]%0a* Close potential XSS vulnerability, reported by lukystreik (PITS:01483).%0a* Refactor $MultiFactorAuthFunction, add $FailedLoginsFunction.%0a* Update documentation.%0a%0a!!! Version 2.3.12 (2022-09-25) [[#v2312]]%0a* Stripmagic() cast null to "" and other fixes for PHP 8.%0a* Fix parse error for complex conditionals with empty variables (PITS:01480).%0a* PSFT() and MarkupExpression [@ftime@] add %25L as human readable local timestamp. %0a* MarkupRestore() fix wrong cast to empty string of false-ish values.%0a* PrintAuthForm() split from PmWikiAuth(). %0a* Fix warning for unneeded session_regenerate_id() (reported by George Murray).%0a* Update documentation.%0a%0a!!! Version 2.3.11 (2022-08-30) [[#v2311]]%0a* Add [[PageVariables]] %25pmhlt%25 [@{$GroupHomePage}@], [@{$GroupHomePageName}@], [@{$GroupHomePageTitle}@], [@{$GroupHomePageTitlespaced}@].%0a* Add $MarkupDirectiveFunctions.%0a* Fix stripmagic() for arrays recently broke after PHP8 update.%0a* Update documentation.%0a%0a!!! Version 2.3.10 (2022-08-20) [[#v2310]]%0a* Update for PHP 8.1 (reported by Armin Bühler).%0a* Forms will now prefill wildcard variables from $DefaultUnsetPageTextVars or $DefaultEmptyPageTextVars.%0a* $EnablePmSyntax = 3; will enable syntax highlighting in the edit form by default, without the user clicking on "Highlight". Fix occasional text mis-alignment between the text area and the highlighted block.%0a* Update documentation.%0a%0a!!! Version 2.3.9 (2022-08-18) [[#v239]]%0a* Add non-wildcard $DefaultUnsetPageTextVars to  %25pmhlt%25[@(:input default:)@] (reported by Johnny).%0a* PmSyntax handles new selectors pre.pmhlt, code.pmhlt.%0a* Update for PHP 8 (PITS:01478).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.8 (2022-07-22) [[#v238]]%0a* PmSyntax fix for 2 different %25pmhlt%25 [@%25hlt%25@] on the same line (reported by Simon).%0a* Fix broken include when the first page doesn't exist.%0a* Update documentation.%0a%0a!!! Version 2.3.7 (2022-06-28) [[#v237]]%0a* $HTTPHeaders add X-Frame-Options (suggested by Imagine Dragon) and Content-Security-Policy to disallow embedding in external websites by default.%0a* $EnableHighlight will now remember any links to PmWiki variables and restore them after the highlighting, see [[thread->https://www.pmwiki.org/pipermail/pmwiki-users/2022-June/064887.html]].%0a* $EnablePmSyntax will now process %25pmhlt%25[@%25hlt pmwiki%25@] in addition to [@%25pmhlt%25@] blocks, and escaped markup after it will be tentatively highlighted.%0a* Update documentation.%0a%0a!!! Version 2.3.6 (2022-06-19) [[#v236]]%0a* Fixes for PHP 8.%0a* Add form attribute "lang".%0a* Sortable tables allow for table headers to have markup such as bold (except links). It will now use a case-insensitive natural ordering.%0a* Allow for $UploadVerifyFunction to modify $upname.%0a* Add variable $PageIndexTermsFunction.%0a* Searchbox allow for removal of submit button if [@label=""@]; add default [@placeholder="$[Search]"@].%0a* Fix author.php may be included before some variables are defined, reported by Said Achmiz.%0a* $EnableHighlight convert code blocks to plain text, see [[thread->https://www.pmwiki.org/pipermail/pmwiki-users/2022-June/064887.html]].%0a* Documentation update.%0a%0a%0a!!! Version 2.3.5 (2022-05-23) [[#v235]]%0a* Fix broken list=grouphomes (PITS:01477).%0a* Add DisableSkinParts() helper function for recipes.%0a* HandlePostUpload: add @@$FmtV["$filepath"]@@ and @@$FmtV["$upurl"]@@ with the file path and direct URL to the newly uploaded file.%0a* In pmwiki-utils.js, replace forgotten ''let'' with ''var'' (suggested by SteP).%0a* Update for PHP 8.1.%0a* Update documentation.%0a%0a!!! Version 2.3.4 (2022-04-22) [[#v234]]%0a* Fixes for PHP 8 warnings, reported by Siegfried Seibert.%0a* Update documentation.%0a%0a!!! Version 2.3.3 (2022-03-26) [[#v233]]%0a* Fix for PHP 8 warnings, reported by Jean-Patrick Charrey, Dominique Faure and Siegfried Seibert.%0a* Update README.txt and docs/ files, suggested by Simon Davis.%0a* Update documentation.%0a%0a!!! Version 2.3.2 (2022-02-09) [[#v232]]%0a* Allow for $EnableLocalTimes to define custom duration of the pulled page history.%0a* Rename variable $EnableIncludedPages to $EnableListIncludedPages (avoid ambiguity).%0a* Remove $LinkAlt when an embedded picture without an alternative text fails to load.%0a* PmSyntax:%0a** Allow for line breaks \\ inside headings, tables, list items (like the core).%0a** Parallel processing of multiple blocks.%0a* Add scripts/utils.php; move loading of pmwiki-utils.js and PmSyntax to scripts/utils.js.%0a** Add $EnablePmUtils, default enabled.%0a** Parallel processing of the pmwiki-utils.js utility functions.%0a** Move pmwiki-utils.js move to $HTMLHeaderFmt (often prevents page redraw with the TOC/PmToggle/LocalTimes).%0a* Fix bug causing invalid page name when the name is "Group.0".%0a* Fix PHP 8.1.2 warnings, reported by J&uuml;rgen Godau and Dominique Faure.%0a* LocaltTimes fix "rcnew" classes for wikis with the older format.%0a* Update documentation.%0a%0a!!! Version 2.3.1 (2022-01-15) [[#v231]]%0a%0a* Fix the release script which broke the $VersionNum variable and the [@[[#anchor]]@] markup with the PmWiki-responsive skin.%0a%0a!!! Version 2.3.0 (2022-01-15) [[#v230]]%0a* Add PmSyntax, $EnablePmSyntax, $CustomSyntax, [@{$EnabledIMap}@], see Cookbook:PmSyntax, Cookbook:CustomSyntax.%0a* [@(:markup:)@] can now have @@class=norender@@ to only show the source code without processing it.%0a* Updates for PHP 8.1, hide warnings, add PSFT() replacement for strftime() and 2 callbacks, $EnableFTimeNew, update core function calls, add [@%25o@] for the ordinal suffix of the date (PITS:01418).%0a* Notify: @@tz=@@ (timezone) per-user.%0a* PageList add category= argument (PITS:00447, PITS:01475); link= and category= now accept multiple pages, wildcards, and negations (PITS:00908).%0a* [=[[!Category]]=] links can have alternative text (PITS:01095).%0a* Simplify/optimize pmwiki-utils.js when using datasets, simplify sorting of table rows without cloning, add LocalTimes().%0a* Page history diff anchors to also have "id=" attributes in addition to "name=".%0a* Add $EnableLocalTimes (default disabled) and styles, add HandleDiffList().%0a* Add markup %25pmhlt%25[@@2022-01-09T08:35:00Z@]%25%25 output as %3ctime>; localized if $EnableLocalTimes.%0a** Add $CurrentLocalTime in the above format, used by default in $RecentChangesFmt.%0a* Add $EnableRecentUploads (only Site.AllRecentChanges, only if $RecentUploadsFmt not defined).%0a* PmTOC update CSS for properly indented subheadings.%0a* Edit form $EnableIncludedPages, add placeholders to e_changesummary and e_author. Enable $EnableNotSavedWarning, add to sample-config.php. EditHelp to behave more like a word processor, typing "Enter" twice without writing text removes the preceding bullet.%0a* Responsive skin details>summary:hover {color:navy, cursor: pointer;}.%0a* PrintDiff() add classes for the delay between edits: diffday, diffweek, diffmonth, diffyear.%0a* Add helper function @@DownloadUrl($pagename, $path)@@ moved from @@LinkUpload()@@.%0a* Add [=$[ULby]=] i18n string 'uploaded by'.%0a* Update documentation.%0a%0a!!! [[#older]] Older versions%0a[[(PmWiki:)ChangeLog Archive]] - changes prior to version 2.3.0.%0a
-time=1722083394
+rev=1869
+targets=Cookbook.RecentChanges,PmWiki.MailingLists,PmWiki.Subversion,PmWiki.LayoutVariables,Cookbook.DragDropMultiUpload,PmWiki.EditVariables,PITS.01510,PITS.01507,PITS.01502,PmWiki.UploadVariables,PmWiki.OtherVariables,PITS.01499,PITS.01498,PmWiki.WikiStyles,PITS.01497,Cookbook.DarkColorScheme,PmWiki.LinkVariables,Cookbook.PmSyntax-Talk,PmWiki.Notify,PITS.01431,PITS.01495,PITS.01493,PmWiki.PagelistVariables,PITS.01494,Cookbook.FuseEdit,PmWiki.BasicVariables,PmWiki.SecurityVariables,PITS.01488,PITS.01489,Cookbook.SectionEdit,PITS.01486,PITS.01297,PITS.01485,Cookbook.EditHelp,PITS.01484,PITS.01208,PITS.01483,PITS.01480,PmWiki.PageVariables,PITS.01478,PITS.01477,Cookbook.PmSyntax,Cookbook.CustomSyntax,PITS.01418,PITS.00447,PITS.01475,PITS.00908,PITS.01095,PmWiki.ChangeLogArchive
+text=(:Summary: Log of changes made to PmWiki by [[Release(Notes)]]:)\%0aSee [[Cookbook:RecentChanges | the cookbook recent changes page]] for additional updates and activity by other developers, or join the [[PmWiki (/) mailing lists]] to discuss feature development with us.%0a%0a(:Prerelease:Changes made to the [[PmWiki:Subversion | subversion pre-release]] of PmWiki. You can get \%0a[[https://www.pmwiki.org/pub/pmwiki-devel/pmwiki-latest-svn.zip|a full ZIP archive]] of the nightly version, or \%0a[[https://www.pmwiki.org/pub/pmwiki-devel/pmwiki-nightly.zip|a partial export]] with only the files changed since {$Version}.:)\%0a{$:Prerelease}%0a%0a(:comment PosArgs and $MessagesFmt were released in 2.3.34 but are undocumented and may change, so I'll announce about them in the next version:)%0a* Add helper function PosArgs($args, $posnames).%0a* Refactor $MessagesFmt to allow nested arrays with keys and %25pmhlt%25 [@(:messages key=a,b:)@]%25%25 that can be set from recipes.%0a* Add $EnableUploadDrop based on Cookbook:DragDropMultiUpload.%0a* Add $TROEPatterns.%0a* Update for PHP 8 (PITS:01510)%0a[[#svn-revision-4748]]%0a* Update documentation.%0a%0a!!! Version 2.3.35 (2024-07-07) [[#v2335]]%0a* PmSyntax [@(:comment ...:)@] add required space; add [@(:input defaults ...:)@] (with "s"). %25item pmhlt%25%0a* Enable highlighted source with ?action=source&highlight=1.%0a* Update default sidebar, https links, PITS and Mailing lists in conditional.%0a* Remove upload extensions "svg", "svgz", "htm", "html", "css", "swf", "fla", "epub", and files with no extension. Fix mime types for "wmf", "psd".%0a* Fix page title could accidentally include raw HTML.%0a* Update documentation.%0a%0a!!! Version 2.3.34 (2024-05-27) [[#v2334]]%0a* Delete wikilib.d/PmWiki.PerGroupCustomizations (unused redirect), content moved to GroupCustomizations 14 years ago.%0a* RecipeCheck remove table width attribute (suggested by Simon).%0a* Add %25pmhlt%25[@(:if action browse,edit:)@] conditional.%0a* $GUIButtons remove invalid elements (warning reported by Simon).%0a* phpdiff.php fix for PHP 8 when saving new pages (reported by Simon).%0a* Responsive skin: remove old CSS declarations like @-moz-keyframes (PITS:01507).%0a* Add upload extension 'm4a'.%0a* Update documentation.%0a%0a!!! Version 2.3.33 (2024-04-21) [[#v2333]]%0a* $EnablePreviewChanges to show "%25diffadd%25No changes%25%25" if there are no changes.%0a* PmSyntax add rules for colored pagenames and URLs inside bracket links.%0a* Responsive skin hide dropdown icons from printing.%0a* Fix some cases with conditional markup and markup expressions where an empty code could be evaluated (suggested by Goodguy00).%0a* Add $HTMLTitleFmt (PITS:01502).%0a* Cache auth conditional results for %25pmhlt%25[@(:if auth level:)@].%0a* Update blocklist.php for PHP 8, reported by Foster Schucker.%0a* Update documentation.%0a%0a!!! Version 2.3.32 (2024-03-24) [[#v2332]]%0a* Dark theme: add toggleImages(), add $ImgDarkSuffix, $FmtV['$PathUpload']. Restore light styles and pictures for printing.%0a* Responsive skin: white background when printing, move dark toggle label styles into skin.css.%0a* PmSyntax: only apply dark theme colors on screen (not print).%0a* Add upload extensions and image extension patterns AVIF, AVIFS.%0a* Lock AllRecentChanges in case of concurrent uploads.%0a* FileSizeCompact() allow for base 1000 (PITS:01499).%0a* Update documentation.%0a%0a!!! Version 2.3.31 (2024-02-23) [[#v2331]]%0a* Add $EnableDarkThemeToggle, enable 3-way theme toggle, "Light", "Dark" and "Auto", add annotation tooltip showing the current theme on tap and on mouse over.%0a* Refactor config data passed to pmwiki-utils.php, refactor dark toggle functions into a separate script. %0a* Responsive skin add body attributes for group and page name, update dark theme, enable auto theme (browser preferences) by default.%0a* PmSyntax improve dark theme thanks to a script by Said Achmiz; expose color properties for reuse.%0a* Refactor redirect quiet (PITS:01498).%0a* Page attributes passwords form: allow for +addition and -removal of passwords, users, groups.%0a* Allow $EditTemplatesFmt entries to apply to specific pages with name= specification (suggested by Simon).%0a* Forms add attribute "form".%0a* Refactor $PostConfig to allow called functions to update it.%0a* Update RecipeCheck to also list skins, suggested by Simon.%0a* Refactor PrintFmt, add $EnablePrePrintFmt.%0a* [[WikiStyles]] add 'columns'.%0a* When Highlight.js is enabled, Vardoc links will be the same color as variables in highlighted code blocks.%0a* Refactor $EnableUploadVersions.%0a* Update documentation.%0a%0a!!! Version 2.3.30 (2024-01-22) [[#v2330]]%0a* Add prototype for dark theme toggle. See PITS:01497 and Cookbook:DarkColorScheme.%0a** PmWiki-responsive skin converted CSS colors to variables, added dark theme styles.%0a** Add skins/pmwiki/pmwiki-32.svg, enable default for $PageLogoUrl.%0a** PmSyntax added dark theme styles.%0a* $EnableUploadMimeMatch with Fileinfo not enabled to deny uploads.%0a* upload.php fix warning for PHP 8.%0a* RecipeCheck use https, suggested by Simon.%0a* PrintDiff() add $since argument.%0a* Add $EnableRedirectQuiet = 2. Prevent infinite redirect loops.%0a* Fix Attach: links with escaped path and filename.%0a* Improved readability for inline diffs in page history.%0a* Forms enable input e_author not only for action=edit, fix unquoted positional form action URL.%0a* Update documentation.%0a%0a!!! Version 2.3.29 (2023-12-18) [[#v2329]]%0a* Fix urlapprove.php for PHP 8.2. %0a* PmSyntax textarea remove styles for width, height (Cookbook:PmSyntax-Talk), allow for fractional dimensions of the highlighted area.%0a* $MarkupDirectiveFunctions allow dashes in attribute names.%0a* Update documentation.%0a%0a!!! Version 2.3.28 (2023-11-27) [[#v2328]]%0a* Add input ''month'' and ''color'' fields.%0a* Add $NotifyRelatedTrailFmt.%0a* Reverse simpletable row backgrounds when there is a thead element.%0a* Fix pmwiki-utils.js when window.localStorage is disabled.%0a* UrlApprovals allow https: URLs if the http: URL for the same domain has been approved (PITS:01431).%0a* Update documentation.%0a%0a!!! Version 2.3.27 (2023-10-23) [[#v2327]]%0a* When merging last edit, if there is no change summary, reuse the last one. %0a* Keep unknown date/time formats for undefined timezone (PITS:01495).%0a* DiffRenderSource() fix for PHP 8, keep ins/del tags on the same line.%0a* The ".diffmarkup" element now has the style "white-space: pre-wrap".%0a* Add new keyword shortcuts Ctrl+B (bold), Ctrl+I (italic), Ctrl+K (link/unlink).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.26 (2023-09-28) [[#v2326]]%0a* Add configurable $InputLabelFmt snippet (PITS:01493).%0a* Add configurable $TrailFmt snippets.%0a* Add $EnableSearchAtLeastOneTerm, default disabled.%0a* Unset upload extensions if size for the extension is set to 0.%0a* Update feeds.php for PHP 8.2 (PITS:01494).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.25 (2023-07-29) [[#v2325]]%0a* Updates for PHP 8.2.%0a* Fix pagelist when 2+ directives on the same line, reported by Simon.%0a* Fix possible bug with internal group(header|footer) directives caused by PRR().%0a* Update documentation.%0a%0a%0a!!! Version 2.3.24 (2023-06-06) [[#v2324]]%0a* Add $EnableUploadMimeMatch.%0a* Add $EnableMergeLastMinorEdit, edit functions MergeLastMinorEdit (based on Cookbook:FuseEdit), SaveChangeSummary (refactored out of HandleEdit).%0a* Fix LogoutCookies() doesn't use a $pagename argument.%0a* PmForm add condition 'validemail' for use in template require.%0a* Add $PmCryptAlgo, pmcrypt() to call password_verify() if it exists. %0a* Refactor HandleDownload() split ServeDownload($filepath, $upname).%0a* Add InsertEditFunction($newfn, $where='%3cPostPage').%0a* Add $AuthFormRespCode.%0a* Add $EnableDownloadRanges, default 1.%0a* When the token is expired, reopen edit form rather than abort.%0a* LocalTimes add $EnableRCListLastEdit.%0a* Update documentation.%0a%0a!!! Version 2.3.23 (2023-05-03) [[#v2323]]%0a* Refactor pmtoken() to use session tokens, enable for core actions.%0a* Add %25pmhlt%25[@(:input pmtoken:)@] helper.%0a* PmForm add $PmFormEnablePmToken.%0a* Refactor @@HandleLogoutA()@@ split @@LogoutCookies()@@. %0a* Fix PRCB() for PHP %3c 7.4.%0a* Update documentation.%0a%0a!!! Version 2.3.22 (2023-04-06) [[#v2322]]%0a* Add scripts/pmform.php, Site.PmFormTemplates.%0a* FmtDateTimeZ() can now accept Unix timestamps.%0a* Pagelists fix bug with multiple category=+A,+B entries.%0a* Update for PHP 8.1 (PITS:01488).%0a* MarkupDirectiveFunctions will now cast numeric arguments to floats.%0a* Prevent errors in custom PageVariables from generating internal server errors (PITS:01489).%0a* Improve inline diff for rare cases (end of page).%0a* Forms/buttons with @@data-pmconfirm="Question"@@ will ask the question before they are submitted.%0a* Update documentation.%0a%0a%0a!!! Version 2.3.21 (2023-03-06) [[#v2321]]%0a* Add $IsPmArchive, $PmArchiveDir.%0a* Sortable tables with %3ctime datetime=""> elements can be sorted by the datetime attribute. Fix for tables with preexisting %3cthead> element.%0a* Updates for PHP8.%0a* Add CSV upload extension.%0a* LocalTimes add mode=3 to show old dates as MM'YY.%0a* Fix bug with multiline $MarkupDirectiveFunctions, reported by Antti Tikanm&auml;ki.%0a* Add $EnableCopyCode and Copy code button to %3cpre> blocks, suggested by Alex Dor&eacute;.%0a* Update PmTOC to work better with Cookbook:SectionEdit.%0a* Update documentation.%0a%0a!!! Version 2.3.20 (2023-02-12) [[#v2320]]%0a* Fix undefined variable warning, reported by Gregor Klari&ccaron;.%0a%0a!!! Version 2.3.19 (2023-02-11) [[#v2319]]%0a* Only set cookie params if headers not sent. %0a* Update for PHP8.2, reported by Dfaure. PageVar() update for PHP 8.%0a* Add variable $DiffPrepareInlineFunction.%0a* PageListCache() remove unused global $PageIndexFile.%0a* Add configurable $LocalCSSDir, $LocalCSSDirUrl.%0a* DownloadUrl() add $FmtV['$LinkDownload'] with current or future download link.%0a* Add pm_recode() helper function (based on PageStore::recodefn), check for more transcode options.%0a* HandleBrowse() add $FmtV['$PageSourceText'].%0a* Add helper function KeepBlock().%0a* Add $FarmPubDirPrefix, pm_servefile(), $ServeFileExts.%0a* Update documentation.%0a%0a!!! Version 2.3.18 (2023-01-15) [[#v2318]]%0a* Refactor scripts/utils.php, add pm_json_encode() (PITS:01486).%0a* EditAutoText() fix for lines ending with multiple backslashes.%0a* PmSyntax optimize/refactor for large pages (cont.), fix inline escaped texts could ignore line markups, add EnableStopwatch.%0a* Notify fix typo in regular expression.%0a* {-Add $EnableUploadVersions >=10 to rename base.ext to base-1.ext, base-2.ext,...-} ''Redesigned in 2.3.31''%0a* CondAuth() fix bug with global $AuthList.%0a* Add helper function PRCB() for simpler preg_replace_callback passing variables.%0a* Update scripts/refcount.php for PHP 8, reported by George Murray.%0a* Add PageVariable $PageLogoUrl (PITS:01297).%0a* Update documentation.%0a%0a!!! Version 2.3.17 (2022-12-17) [[#v2317]]%0a* WikiStyles trim class names (PITS:01485).%0a* GUIEditButtons refactor to enable Undo in textarea; allow for custom functions to configure mopen, mclose, and unselect for their buttons.%0a* [[Cookbook:EditHelp|EditHelp]] refactor to allow undo; add shortcuts Ctrl+L convert selection to lowercase, Ctrl+Shift+L to uppercase, Ctrl+Shift+ArrowUp and ArrowDown to swap lines.%0a* Skip upgrade check if $EnableReadOnly.%0a* Fix bug with multiple $MarkupDirectiveFunctions.%0a* Add $EnableBaseNameConfig.%0a* PmSyntax optimize for larger pages (cont.).%0a* Input password add class "inputbox" like the other fields.%0a* CondAuth() added way to check for usergroup permissions.%0a* Update in pagelist.php for PHP 8.%0a* Documentation update.%0a%0a!!! Version 2.3.16 (2022-11-28) [[#v2316]]%0a* Class PPRC add generic callbacks.%0a* IncludeText() update for PHP 8, reported by V.Krishn.%0a* WikiStyle add 'overflow', 'notoc'.%0a* Add PmNonce().%0a* PmTOC update indented link style->classname. %0a* Responsive skin: replace %25pmhlt%25[@[[%3c%3c]]@] with %25hlt html%25[@%3cbr class='clearboth' />@], update PmTOC styles.%0a* $EnableListIncludedPages use class name instead of style. %0a* guiedit.js remove unneeded style.%0a* PmSyntax realign font for nested programming languages in the edit form, optimize for large pages.%0a* Only call session_status() if function exists.%0a* Edit form remove unsafe-inline script.%0a* Revert WikiStyleToClassName(), PrePrintFmt() -- need more work (PITS:01484).%0a* Documentation update.%0a%0a!!! Version 2.3.15 (2022-11-21) [[#v2315]]%0a* CSS pre, code relative/scalable font-size (pmwiki-responsive skin).%0a* PmSyntax add variable --pmsyntax-fontsize-editform and split from --pmsyntax-fontsize [[https://www.pmichaud.com/pipermail/pmwiki-users/2022-November/064936.html|#]].%0a* PmSyntax fix [@[[Highlight]]@] label font size and family (reported by Hans).%0a* Add variable $CookieSameSite default to 'Lax'%0a* Add argument $samesite to pmsetcookie(), default to $CookieSameSite, refactor for old and new PHP versions. %0a* Add function pm_session_start() respecting local configuration.%0a* CSP header add base-uri=self; object-src 'none'.%0a* Add $HTTPHeaders['XSSP'] = 'X-XSS-Protection: 1; mode=block'.%0a* Rewrite GUIButtons logic to avoid unsafe-inline JavaScript.%0a* Refactor WikiStyles, replace inline styles with class names to avoid unsafe-inline CSS.%0a* Refactor PQA(), tables, cells, to replace inline style="..." with class names to avoid unsafe-inline CSS.%0a* Add PrePrintFmt(), refactor PrintFmt(), PrintSkin() to process wiki pages, skin parts, and skin functions to HTML before outputting headers.%0a* Fix XSS vulnerability.%0a* Documentation update.%0a%0a!!! Version 2.3.14 (2022-11-03) [[#v2314]]%0a* Searchbox also escape custom field names.%0a* Prevent double-encoded entities in searchbox (reported by Simon).%0a* Trim $Author (PITS:01208).%0a* Replace autofocus inline JavaScript with attributes.%0a* Edit form: the label next to the "Minor edit" checkbox now toggles the checkbox.%0a* PmSyntax recognize %25pmhlt%25[@(:template requires? ...:)@].%0a* Update for PHP 8. %0a* Obsolete PCCF() from PHP 7.2 not 8.0.%0a* Add array $ObsoleteMarkups, function TraceMarkup(), update Markup(), Markup_e() and ObsoleteMarkup(), to retrieve and show files and line numbers for obsolete/disabled markup rules.%0a* Fix bug with PSFT format %25L.%0a* Update documentation.%0a%0a!!! Version 2.3.13 (2022-10-07) [[#v2313]]%0a* Close potential XSS vulnerability, reported by lukystreik (PITS:01483).%0a* Refactor $MultiFactorAuthFunction, add $FailedLoginsFunction.%0a* Update documentation.%0a%0a!!! Version 2.3.12 (2022-09-25) [[#v2312]]%0a* Stripmagic() cast null to "" and other fixes for PHP 8.%0a* Fix parse error for complex conditionals with empty variables (PITS:01480).%0a* PSFT() and MarkupExpression [@ftime@] add %25L as human readable local timestamp. %0a* MarkupRestore() fix wrong cast to empty string of false-ish values.%0a* PrintAuthForm() split from PmWikiAuth(). %0a* Fix warning for unneeded session_regenerate_id() (reported by George Murray).%0a* Update documentation.%0a%0a!!! Version 2.3.11 (2022-08-30) [[#v2311]]%0a* Add [[PageVariables]] %25pmhlt%25 [@{$GroupHomePage}@], [@{$GroupHomePageName}@], [@{$GroupHomePageTitle}@], [@{$GroupHomePageTitlespaced}@].%0a* Add $MarkupDirectiveFunctions.%0a* Fix stripmagic() for arrays recently broke after PHP8 update.%0a* Update documentation.%0a%0a!!! Version 2.3.10 (2022-08-20) [[#v2310]]%0a* Update for PHP 8.1 (reported by Armin Bühler).%0a* Forms will now prefill wildcard variables from $DefaultUnsetPageTextVars or $DefaultEmptyPageTextVars.%0a* $EnablePmSyntax = 3; will enable syntax highlighting in the edit form by default, without the user clicking on "Highlight". Fix occasional text mis-alignment between the text area and the highlighted block.%0a* Update documentation.%0a%0a!!! Version 2.3.9 (2022-08-18) [[#v239]]%0a* Add non-wildcard $DefaultUnsetPageTextVars to  %25pmhlt%25[@(:input default:)@] (reported by Johnny).%0a* PmSyntax handles new selectors pre.pmhlt, code.pmhlt.%0a* Update for PHP 8 (PITS:01478).%0a* Update documentation.%0a%0a%0a!!! Version 2.3.8 (2022-07-22) [[#v238]]%0a* PmSyntax fix for 2 different %25pmhlt%25 [@%25hlt%25@] on the same line (reported by Simon).%0a* Fix broken include when the first page doesn't exist.%0a* Update documentation.%0a%0a!!! Version 2.3.7 (2022-06-28) [[#v237]]%0a* $HTTPHeaders add X-Frame-Options (suggested by Imagine Dragon) and Content-Security-Policy to disallow embedding in external websites by default.%0a* $EnableHighlight will now remember any links to PmWiki variables and restore them after the highlighting, see [[thread->https://www.pmwiki.org/pipermail/pmwiki-users/2022-June/064887.html]].%0a* $EnablePmSyntax will now process %25pmhlt%25[@%25hlt pmwiki%25@] in addition to [@%25pmhlt%25@] blocks, and escaped markup after it will be tentatively highlighted.%0a* Update documentation.%0a%0a!!! Version 2.3.6 (2022-06-19) [[#v236]]%0a* Fixes for PHP 8.%0a* Add form attribute "lang".%0a* Sortable tables allow for table headers to have markup such as bold (except links). It will now use a case-insensitive natural ordering.%0a* Allow for $UploadVerifyFunction to modify $upname.%0a* Add variable $PageIndexTermsFunction.%0a* Searchbox allow for removal of submit button if [@label=""@]; add default [@placeholder="$[Search]"@].%0a* Fix author.php may be included before some variables are defined, reported by Said Achmiz.%0a* $EnableHighlight convert code blocks to plain text, see [[thread->https://www.pmwiki.org/pipermail/pmwiki-users/2022-June/064887.html]].%0a* Documentation update.%0a%0a%0a!!! Version 2.3.5 (2022-05-23) [[#v235]]%0a* Fix broken list=grouphomes (PITS:01477).%0a* Add DisableSkinParts() helper function for recipes.%0a* HandlePostUpload: add @@$FmtV["$filepath"]@@ and @@$FmtV["$upurl"]@@ with the file path and direct URL to the newly uploaded file.%0a* In pmwiki-utils.js, replace forgotten ''let'' with ''var'' (suggested by SteP).%0a* Update for PHP 8.1.%0a* Update documentation.%0a%0a!!! Version 2.3.4 (2022-04-22) [[#v234]]%0a* Fixes for PHP 8 warnings, reported by Siegfried Seibert.%0a* Update documentation.%0a%0a!!! Version 2.3.3 (2022-03-26) [[#v233]]%0a* Fix for PHP 8 warnings, reported by Jean-Patrick Charrey, Dominique Faure and Siegfried Seibert.%0a* Update README.txt and docs/ files, suggested by Simon Davis.%0a* Update documentation.%0a%0a!!! Version 2.3.2 (2022-02-09) [[#v232]]%0a* Allow for $EnableLocalTimes to define custom duration of the pulled page history.%0a* Rename variable $EnableIncludedPages to $EnableListIncludedPages (avoid ambiguity).%0a* Remove $LinkAlt when an embedded picture without an alternative text fails to load.%0a* PmSyntax:%0a** Allow for line breaks \\ inside headings, tables, list items (like the core).%0a** Parallel processing of multiple blocks.%0a* Add scripts/utils.php; move loading of pmwiki-utils.js and PmSyntax to scripts/utils.js.%0a** Add $EnablePmUtils, default enabled.%0a** Parallel processing of the pmwiki-utils.js utility functions.%0a** Move pmwiki-utils.js move to $HTMLHeaderFmt (often prevents page redraw with the TOC/PmToggle/LocalTimes).%0a* Fix bug causing invalid page name when the name is "Group.0".%0a* Fix PHP 8.1.2 warnings, reported by J&uuml;rgen Godau and Dominique Faure.%0a* LocaltTimes fix "rcnew" classes for wikis with the older format.%0a* Update documentation.%0a%0a!!! Version 2.3.1 (2022-01-15) [[#v231]]%0a%0a* Fix the release script which broke the $VersionNum variable and the [@[[#anchor]]@] markup with the PmWiki-responsive skin.%0a%0a!!! Version 2.3.0 (2022-01-15) [[#v230]]%0a* Add PmSyntax, $EnablePmSyntax, $CustomSyntax, [@{$EnabledIMap}@], see Cookbook:PmSyntax, Cookbook:CustomSyntax.%0a* [@(:markup:)@] can now have @@class=norender@@ to only show the source code without processing it.%0a* Updates for PHP 8.1, hide warnings, add PSFT() replacement for strftime() and 2 callbacks, $EnableFTimeNew, update core function calls, add [@%25o@] for the ordinal suffix of the date (PITS:01418).%0a* Notify: @@tz=@@ (timezone) per-user.%0a* PageList add category= argument (PITS:00447, PITS:01475); link= and category= now accept multiple pages, wildcards, and negations (PITS:00908).%0a* [=[[!Category]]=] links can have alternative text (PITS:01095).%0a* Simplify/optimize pmwiki-utils.js when using datasets, simplify sorting of table rows without cloning, add LocalTimes().%0a* Page history diff anchors to also have "id=" attributes in addition to "name=".%0a* Add $EnableLocalTimes (default disabled) and styles, add HandleDiffList().%0a* Add markup %25pmhlt%25[@@2022-01-09T08:35:00Z@]%25%25 output as %3ctime>; localized if $EnableLocalTimes.%0a** Add $CurrentLocalTime in the above format, used by default in $RecentChangesFmt.%0a* Add $EnableRecentUploads (only Site.AllRecentChanges, only if $RecentUploadsFmt not defined).%0a* PmTOC update CSS for properly indented subheadings.%0a* Edit form $EnableIncludedPages, add placeholders to e_changesummary and e_author. Enable $EnableNotSavedWarning, add to sample-config.php. EditHelp to behave more like a word processor, typing "Enter" twice without writing text removes the preceding bullet.%0a* Responsive skin details>summary:hover {color:navy, cursor: pointer;}.%0a* PrintDiff() add classes for the delay between edits: diffday, diffweek, diffmonth, diffyear.%0a* Add helper function @@DownloadUrl($pagename, $path)@@ moved from @@LinkUpload()@@.%0a* Add [=$[ULby]=] i18n string 'uploaded by'.%0a* Update documentation.%0a%0a!!! [[#older]] Older versions%0a[[(PmWiki:)ChangeLog Archive]] - changes prior to version 2.3.0.%0a
+time=1722433832
diff --git a/wikilib.d/PmWiki.Passwords b/wikilib.d/PmWiki.Passwords
index 5697b279..7c355819 100644
--- a/wikilib.d/PmWiki.Passwords
+++ b/wikilib.d/PmWiki.Passwords
@@ -1,11 +1,11 @@
-version=pmwiki-2.3.32 ordered=1 urlencoded=1
-author=simon
+version=pmwiki-2.3.35 ordered=1 urlencoded=1
+author=Petko
 charset=UTF-8
-csum=add @_site_admin (+50)
+csum=typo minus, space (+1)
 description=General use of passwords and login
 name=PmWiki.Passwords
 post= Save
-rev=253
+rev=254
 targets=PmWiki.PasswordsAdmin,PmWiki.PmWiki,PmWiki.WikiGroup,Category.Spam,!Spam,PmWiki.Security,PmWiki.AvailableActions,PmWiki.SpecialPages,PmWiki.GroupAttributes,PmWiki.Uploads,SiteAdmin.AuthList,PmWiki.SecurityVariables,PmWiki.AuthUser,Cookbook.SessionSecurityAdvice,PmWiki.ConditionalMarkup,PITS.01417,PmWiki.IncludeOtherPages,Cookbook.Cookbook
-text=(:Summary:General use of passwords and login:)(:Audience: authors :)(:Description General use of passwords and login:)%0a%0a[[PmWiki]] has built-in support for password-protecting various areas of the wiki site.  Authors generally want to be able to apply passwords to individual pages or to [[wiki group]]s.  Wiki Administrators can apply passwords to individual pages, to wiki groups, or to the [[PasswordsAdmin#settingsitewidepasswords|entire site]].  Setting an edit password on a [[#pageattr|page]] or [[#groupattr|group]] (or [[#siteattr|the entire site]]) is one of the most common ways to stop [[!spam]]. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki [[security]].%0a%0a!! As an author editing pages...%0aAn author will generally set 3 types of passwords:%0a# to control who can see a page or group, use  @@read@@ passwords%0a# to control who can edit a page or group, use @@edit@@ passwords%0a# to control who can alter the passwords used to protect a page or group, use @@attr@@ passwords%0a%0aIf required most [[AvailableActions|page actions]] can be password protected.%0a%0a[[#pageattr]]%0a!!! Protect an individual page%0aTo set a password on an individual wiki page, add the [[AvailableActions|page action]]%0a->@@?action=attr@@ %0ato the page's URL (address) to access its attributes.  Using the form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords on the page.  In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically when it stores them. %0a%0aAdditional options:%0a* Leaving a field blank will leave the attribute unchanged. %0a* To remove a password from a page (''reverting back'' to the group's or site's default), enter %0a--> @@ clear @@%0a* To indicate that the page can be read or edited ''even if a group or site password is set'', enter %0a--> @@ @nopass @@%0a* To lock a page for everybody but the admin, enter %0a--> @@ @lock @@%0a* To assign the site's site-wide passwords to the @@read@@, @@edit@@, @@upload@@, or @@attr@@ password for the page, enter %0a--> @@ @_site_read, @_site_edit, @_site_upload, @_site_admin, or @_site_attr @@%0a%0a* (From 2.3.31) To add passwords, users, or groups to a field without removing the current attributes, enter @@"+ "@@ (plus, space) then list the new password(s), user(s), group(s):%0a--> @@+ newpasword1 id:NewUser @newgroup @@%0a%0a* (From 2.3.31) To remove specific passwords, users, or groups to a field without removing the other ones, enter @@"- "@@ (plus, space) then list the deleted password(s), user(s), group(s):%0a--> @@- oldpasword1 deletedpass2 id:DeletedUser @disabledgroup @@%0a%0a[[#groupattr]]%0a!!! Protect a wiki group of pages%0aTo set a password on a [[wiki group]] is slightly more difficult -- you just set the passwords on a [[special page(s)]] in each group called %0a->[[GroupAttributes]]%0a%0aFirst, you can get to the attributes page for `@@GroupAttributes@@ by entering a URL (address) like %0a->[@https://example.com/pmwiki/pmwiki.php?n=GroupName.GroupAttributes?action=attr@]%0aReplace @@example.com@@ with your domain name, and @@GroupName@@ with the name of the group%0a%0aThen, using the form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords for the entire group.  In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically.%0a%0aAdditional options:%0a* To remove a password from a group (''reverting back'' to the site's default), enter %0a-->@@clear@@%0a* To indicate that the group can be edited ''even if a site password is set'', enter %0a-->@@@nopass@@%0a* To lock a group for everybody but the admin, enter %0a-->@@@lock@@%0a* (Beginning with Ver 2.2.3) To assign the site's site-wide passwords to the @@read@@, @@edit@@, @@upload@@, @@admin@@,or @@attr@@ password for the group, enter %0a--> @@ @_site_read, @_site_edit, @_site_upload, @_site_admin, or @site_attr @@%0a* (From 2.3.31) To add or remove passwords or users, type @@"+ "@@ or @@"- "@@ (plus or minis, space) then the attributes to be added or removed, like for [[#pageattr|the page attributes]].%0a%0a!!! Passwords%0aPasswords may consist of any combination of characters, except double "quotes" or 'apostrophes'.%0aPasswords with spaces or colons must be entered using quotes, eg "foo bar" or "foo:bar".%0aObviously longer is [[Wikipedia:Password_strength|better]], and on some systems passwords need to have 4 or more characters.%0a%0a!!! Multiple passwords%0aMultiple passwords for a page, group or site are allowed. %0aSimply enter multiple passwords separated by a space. This allows you to have a read password, a write password, and have the write password allow read/write access.  In other words, if the read password is %0a->alpha%0aand the edit password is %0a->beta%0athen enter%0a-> [@Set new read password: alpha beta%0aSet new edit password: beta@]%0a%0aThis says that either %0a->alpha%0aor %0a->beta%0acan be used to read pages, but only %0a->beta%0amay edit. Since PmWiki checks the passwords you've entered since the browser has been opened, entering a read password that is also a write password allows both reading and writing.%0a%0a[[#siteattr]]%0a!!! Protect the site%0aPasswords can be applied to the entire wiki website in ''@@config.php@@''.%0aSee [[PasswordsAdmin#settingsitewidepasswords|passwords]] administration for details.%0a%0a%0a%25audience%25 administrator%0a%0a[[#administrators]]%0a!! As an administrator ...%0a%0aYou can set passwords on pages and groups exactly as described above for authors. You can also:%0a# set site-wide passwords for pages and groups that do not have passwords%0a# use @@attr@@ passwords to control who is able to set passwords on pages%0a# use @@upload@@ passwords to control access to the file [[upload(s)]] capabilities (if uploads are enabled)%0a# use an @@admin@@ password to override the passwords set for any individual page or group%0a# use [[SiteAdmin.AuthList]] to view the permissions settings for pages that have permissions set.  %0aFor more information on password options available to administrators, see [[PasswordsAdmin]].%0a%0a!! [[#priority]]Which password wins?%0aIn PmWiki, page passwords override group passwords, group passwords override the ''default'' passwords, and the @@admin@@ password overrides all passwords.  This gives a great deal of flexibility in controlling access to wiki pages in PmWiki. %0a%0aThe [[special page(s)]] [[SiteAdmin.AuthList]] is a page list of all pages with access permissions set.%0a%0a!! Opening access to pages in protected groups/sites%0aSometimes we want to "unprotect" pages in a group or site that is otherwise protected.  In these cases, the special password %0a->@@ @nopass @@%0ais used to indicate that access should be allowed to a page without requiring a password.  %0a%0aFor example, suppose `Main.GroupAttributes has an edit password set, thus restricting the editing of all pages in Main.  Now we want `Main.WikiSandbox to be editable without a password.  Using %0a->@@clear@@%0afor the edit password for `Main.WikiSandbox ''doesn't unprotect the page'', because the password is being set by the group.  Instead, we set the edit password for `Main.WikiSandbox to the special value %0a->@@ @nopass @@%0awhich tells PmWiki to ignore any site-wide or group-level passwords for that page.%0a%0a!! FAQ%0a>>faq%3c%3c [[#faq]]%0a%0a[[#site]]%0aQ:  How can I password protect all the pages and groups on my site?  Do I really have to set passwords page by page, or group by group?%0a%0aA:  Administrators can set passwords for the entire site by editing the @@config.php@@ file; they don't have to set passwords for each page or group.  For example, to set the entire site to be editable only by those who know an "edit" password, an administrator can add a line like the following to @@local/config.php@@:%0a%0a->  %25hlt php%25@@  $DefaultPasswords['edit'] = pmcrypt('edit_password'); @@%0a%0aFor more information about the password options that are available only to administrators, see [[PasswordsAdmin]].%0a%0aQ:  I get http error 500 "Internal Server Error" when I try to log in. What's wrong?%0a%0aA:  This can happen if the encrypted passwords are not created on the web server that hosts the PmWiki.\\%0aThe [[https://www.php.net/crypt|PHP crypt() function]] changed during the PHP development, e.g. a password encrypted with PHP 5.2 can not be decrypted in PHP 5.1, but PHP 5.2 can decrypt passwords created by PHP 5.1.\\%0aThis situation normally happens if you prepare everything on your local machine with the latest PHP version and you upload the passwords to a webserver which is running an older version.\\%0aThe same error occurs when you add encrypted passwords to @@local/config.php@@.%0a%0aSolution: Create the passwords on the system with the oldest PHP version and use them on all other systems.%0a%0aQ:  How can I create private groups for users, so that each user can edit pages in their group, but no one else (other than the admin) can?%0a%0aA: Modify the edit attribute for each group to id:username, e.g. set the edit attribute in JaneDoe.GroupAttributes to id:JaneDoe.%0a%0aThere is a more automatic solution, but it's probably not a good idea for most wikis. Administrators can use the [[(PmWiki:)AuthUser]] recipe and add the following few lines to their local/config.php file to set this up:%0a->%25hlt php%25[@$group = FmtPageName('$Group', $pagename);%0a$DefaultPasswords['edit'] = 'id:'.$group;%0ainclude_once("$FarmD/scripts/authuser.php"); @]%0aThis automatically gives edit rights to a group to every user who has the same user name as the group name. Unfortunately it also gives edit rights to such a user who is visiting a same-named group not just for pages in that group, but for any page on the wiki that relies on the site's default edit password. This can create security holes.%0a%0aQ: [[#farm]] How come when I switch to another wiki within a farm, I keep my same authorization?%0a%0aA: PmWiki uses PHP sessions to keep track of authentication/authorization information, and by default PHP sets things up such that all interactions with the same server are considered part of the same session.\\%0aFor security considerations about shared session pools, see the "Session injection" chapter in Cookbook:SessionSecurityAdvice.\\%0aTo fix the browser-side convenience issue, one easy way is to make sure each wiki uses a different cookie name for its session identifier.  Near the top of one of the wiki's @@local/config.php@@ files, before calling authuser or any other recipes, add a line like:%0a-> %25hlt php%25[@session_name('XYZSESSID');@]%0aYou can pick any alphanumeric name for XYZSESSID; for example, for the cs559-1 wiki you might choose%0a-> %25hlt php%25[@session_name('CS559SESSID');@]%0aThis will keep the two wikis' session cookies independent of each other.%0a%0aQ: Is it possible to test the password level for display and/or if condition? Example: %25pmhlt%25[= * (:if WriterPassword:) (display Edit link) (:ifend:) =]%0a%0aA: You can use %25pmhlt%25[@(:if auth edit:)@]. See [[ConditionalMarkup]].%0a%0aQ: [[#condmarkup-secrets]] Can I use %25pmhlt%25[@(:if …:)@] to hide secrets in a wiki page?%0a%0aA: You can, but [[usually that's not secure -> PITS:01417]].%0aThe recommended strategy is to put secrets in a separate page and restrict all read-related¹ access permissions to those users who are allowed to read the secrets.%0aTo display the secrets in another page, you can [[include( other pages)]] (parts of) the secrets page:%0aUsers with read access to the secrets will readily see them, whereas other users see nothing or (at your choosing) some other text, e.g. a login link.%0a-> ¹ Currently (version 2.2.99), these are: @@read@@ (would allow include), @@edit@@ (would show the source), @@attr@@ (would allow to obtain read/edit), @@diff@@ (would allow viewing any change), @@source@@ (allows raw source display)%0a%0aThe reason why [[Conditional Markup]] isn't suitable for access control is that it only applies for rendering wikitext as a web page, and that's just one of many ways to access a page's text.%0aIn order to rely on Conditional Markup for protection of secrets, you'd have to restrict all access methods that can circumvent it.%0aTo do so, you'd need to keep track of all methods available.%0aIn a default installation of PmWiki, some of the easy methods include: Editing a page, viewing its edit history, its source, or [[including fragments of it -> IncludeOtherPages]] into the edit preview of another page. (Preview: To avoid traces in @@RecentChanges@@.)%0aHowever, this list is far from exhaustive, and could easily grow with [[Recipes -> Cookbook/]] or future versions of PmWiki.%0a%0a
-time=1712290065
+text=(:Summary:General use of passwords and login:)(:Audience: authors :)(:Description General use of passwords and login:)%0a%0a[[PmWiki]] has built-in support for password-protecting various areas of the wiki site.  Authors generally want to be able to apply passwords to individual pages or to [[wiki group]]s.  Wiki Administrators can apply passwords to individual pages, to wiki groups, or to the [[PasswordsAdmin#settingsitewidepasswords|entire site]].  Setting an edit password on a [[#pageattr|page]] or [[#groupattr|group]] (or [[#siteattr|the entire site]]) is one of the most common ways to stop [[!spam]]. As with any access control system, the password protection mechanisms described here are only a small part of overall system and wiki [[security]].%0a%0a!! As an author editing pages...%0aAn author will generally set 3 types of passwords:%0a# to control who can see a page or group, use  @@read@@ passwords%0a# to control who can edit a page or group, use @@edit@@ passwords%0a# to control who can alter the passwords used to protect a page or group, use @@attr@@ passwords%0a%0aIf required most [[AvailableActions|page actions]] can be password protected.%0a%0a[[#pageattr]]%0a!!! Protect an individual page%0aTo set a password on an individual wiki page, add the [[AvailableActions|page action]]%0a->@@?action=attr@@ %0ato the page's URL (address) to access its attributes.  Using the form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords on the page.  In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically when it stores them. %0a%0aAdditional options:%0a* Leaving a field blank will leave the attribute unchanged. %0a* To remove a password from a page (''reverting back'' to the group's or site's default), enter %0a--> @@ clear @@%0a* To indicate that the page can be read or edited ''even if a group or site password is set'', enter %0a--> @@ @nopass @@%0a* To lock a page for everybody but the admin, enter %0a--> @@ @lock @@%0a* To assign the site's site-wide passwords to the @@read@@, @@edit@@, @@upload@@, or @@attr@@ password for the page, enter %0a--> @@ @_site_read, @_site_edit, @_site_upload, @_site_admin, or @_site_attr @@%0a%0a* (From 2.3.31) To add passwords, users, or groups to a field without removing the current attributes, enter @@"+ "@@ (plus, space) then list the new password(s), user(s), group(s):%0a--> @@+ newpasword1 id:NewUser @newgroup @@%0a%0a* (From 2.3.31) To remove specific passwords, users, or groups to a field without removing the other ones, enter @@"- "@@ (minus, space) then list the deleted password(s), user(s), group(s):%0a--> @@- oldpasword1 deletedpass2 id:DeletedUser @disabledgroup @@%0a%0a[[#groupattr]]%0a!!! Protect a wiki group of pages%0aTo set a password on a [[wiki group]] is slightly more difficult -- you just set the passwords on a [[special page(s)]] in each group called %0a->[[GroupAttributes]]%0a%0aFirst, you can get to the attributes page for `@@GroupAttributes@@ by entering a URL (address) like %0a->[@https://example.com/pmwiki/pmwiki.php?n=GroupName.GroupAttributes?action=attr@]%0aReplace @@example.com@@ with your domain name, and @@GroupName@@ with the name of the group%0a%0aThen, using the form on the attributes page, you can set or clear the @@read@@, @@edit@@, or @@attr@@ passwords for the entire group.  In the form you enter the passwords as cleartext; PmWiki encrypts them for you automatically.%0a%0aAdditional options:%0a* To remove a password from a group (''reverting back'' to the site's default), enter %0a-->@@clear@@%0a* To indicate that the group can be edited ''even if a site password is set'', enter %0a-->@@@nopass@@%0a* To lock a group for everybody but the admin, enter %0a-->@@@lock@@%0a* (Beginning with Ver 2.2.3) To assign the site's site-wide passwords to the @@read@@, @@edit@@, @@upload@@, @@admin@@,or @@attr@@ password for the group, enter %0a--> @@ @_site_read, @_site_edit, @_site_upload, @_site_admin, or @site_attr @@%0a* (From 2.3.31) To add or remove passwords or users, type @@"+ "@@ or @@"- "@@ (plus or minis, space) then the attributes to be added or removed, like for [[#pageattr|the page attributes]].%0a%0a!!! Passwords%0aPasswords may consist of any combination of characters, except double "quotes" or 'apostrophes'.%0aPasswords with spaces or colons must be entered using quotes, eg "foo bar" or "foo:bar".%0aObviously longer is [[Wikipedia:Password_strength|better]], and on some systems passwords need to have 4 or more characters.%0a%0a!!! Multiple passwords%0aMultiple passwords for a page, group or site are allowed. %0aSimply enter multiple passwords separated by a space. This allows you to have a read password, a write password, and have the write password allow read/write access.  In other words, if the read password is %0a->alpha%0aand the edit password is %0a->beta%0athen enter%0a-> [@Set new read password: alpha beta%0aSet new edit password: beta@]%0a%0aThis says that either %0a->alpha%0aor %0a->beta%0acan be used to read pages, but only %0a->beta%0amay edit. Since PmWiki checks the passwords you've entered since the browser has been opened, entering a read password that is also a write password allows both reading and writing.%0a%0a[[#siteattr]]%0a!!! Protect the site%0aPasswords can be applied to the entire wiki website in ''@@config.php@@''.%0aSee [[PasswordsAdmin#settingsitewidepasswords|passwords]] administration for details.%0a%0a%0a%25audience%25 administrator%0a%0a[[#administrators]]%0a!! As an administrator ...%0a%0aYou can set passwords on pages and groups exactly as described above for authors. You can also:%0a# set site-wide passwords for pages and groups that do not have passwords%0a# use @@attr@@ passwords to control who is able to set passwords on pages%0a# use @@upload@@ passwords to control access to the file [[upload(s)]] capabilities (if uploads are enabled)%0a# use an @@admin@@ password to override the passwords set for any individual page or group%0a# use [[SiteAdmin.AuthList]] to view the permissions settings for pages that have permissions set.  %0aFor more information on password options available to administrators, see [[PasswordsAdmin]].%0a%0a!! [[#priority]]Which password wins?%0aIn PmWiki, page passwords override group passwords, group passwords override the ''default'' passwords, and the @@admin@@ password overrides all passwords.  This gives a great deal of flexibility in controlling access to wiki pages in PmWiki. %0a%0aThe [[special page(s)]] [[SiteAdmin.AuthList]] is a page list of all pages with access permissions set.%0a%0a!! Opening access to pages in protected groups/sites%0aSometimes we want to "unprotect" pages in a group or site that is otherwise protected.  In these cases, the special password %0a->@@ @nopass @@%0ais used to indicate that access should be allowed to a page without requiring a password.  %0a%0aFor example, suppose `Main.GroupAttributes has an edit password set, thus restricting the editing of all pages in Main.  Now we want `Main.WikiSandbox to be editable without a password.  Using %0a->@@clear@@%0afor the edit password for `Main.WikiSandbox ''doesn't unprotect the page'', because the password is being set by the group.  Instead, we set the edit password for `Main.WikiSandbox to the special value %0a->@@ @nopass @@%0awhich tells PmWiki to ignore any site-wide or group-level passwords for that page.%0a%0a!! FAQ%0a>>faq%3c%3c [[#faq]]%0a%0a[[#site]]%0aQ:  How can I password protect all the pages and groups on my site?  Do I really have to set passwords page by page, or group by group?%0a%0aA:  Administrators can set passwords for the entire site by editing the @@config.php@@ file; they don't have to set passwords for each page or group.  For example, to set the entire site to be editable only by those who know an "edit" password, an administrator can add a line like the following to @@local/config.php@@:%0a%0a->  %25hlt php%25@@  $DefaultPasswords['edit'] = pmcrypt('edit_password'); @@%0a%0aFor more information about the password options that are available only to administrators, see [[PasswordsAdmin]].%0a%0aQ:  I get http error 500 "Internal Server Error" when I try to log in. What's wrong?%0a%0aA:  This can happen if the encrypted passwords are not created on the web server that hosts the PmWiki.\\%0aThe [[https://www.php.net/crypt|PHP crypt() function]] changed during the PHP development, e.g. a password encrypted with PHP 5.2 can not be decrypted in PHP 5.1, but PHP 5.2 can decrypt passwords created by PHP 5.1.\\%0aThis situation normally happens if you prepare everything on your local machine with the latest PHP version and you upload the passwords to a webserver which is running an older version.\\%0aThe same error occurs when you add encrypted passwords to @@local/config.php@@.%0a%0aSolution: Create the passwords on the system with the oldest PHP version and use them on all other systems.%0a%0aQ:  How can I create private groups for users, so that each user can edit pages in their group, but no one else (other than the admin) can?%0a%0aA: Modify the edit attribute for each group to id:username, e.g. set the edit attribute in JaneDoe.GroupAttributes to id:JaneDoe.%0a%0aThere is a more automatic solution, but it's probably not a good idea for most wikis. Administrators can use the [[(PmWiki:)AuthUser]] recipe and add the following few lines to their local/config.php file to set this up:%0a->%25hlt php%25[@$group = FmtPageName('$Group', $pagename);%0a$DefaultPasswords['edit'] = 'id:'.$group;%0ainclude_once("$FarmD/scripts/authuser.php"); @]%0aThis automatically gives edit rights to a group to every user who has the same user name as the group name. Unfortunately it also gives edit rights to such a user who is visiting a same-named group not just for pages in that group, but for any page on the wiki that relies on the site's default edit password. This can create security holes.%0a%0aQ: [[#farm]] How come when I switch to another wiki within a farm, I keep my same authorization?%0a%0aA: PmWiki uses PHP sessions to keep track of authentication/authorization information, and by default PHP sets things up such that all interactions with the same server are considered part of the same session.\\%0aFor security considerations about shared session pools, see the "Session injection" chapter in Cookbook:SessionSecurityAdvice.\\%0aTo fix the browser-side convenience issue, one easy way is to make sure each wiki uses a different cookie name for its session identifier.  Near the top of one of the wiki's @@local/config.php@@ files, before calling authuser or any other recipes, add a line like:%0a-> %25hlt php%25[@session_name('XYZSESSID');@]%0aYou can pick any alphanumeric name for XYZSESSID; for example, for the cs559-1 wiki you might choose%0a-> %25hlt php%25[@session_name('CS559SESSID');@]%0aThis will keep the two wikis' session cookies independent of each other.%0a%0aQ: Is it possible to test the password level for display and/or if condition? Example: %25pmhlt%25[= * (:if WriterPassword:) (display Edit link) (:ifend:) =]%0a%0aA: You can use %25pmhlt%25[@(:if auth edit:)@]. See [[ConditionalMarkup]].%0a%0aQ: [[#condmarkup-secrets]] Can I use %25pmhlt%25[@(:if …:)@] to hide secrets in a wiki page?%0a%0aA: You can, but [[usually that's not secure -> PITS:01417]].%0aThe recommended strategy is to put secrets in a separate page and restrict all read-related¹ access permissions to those users who are allowed to read the secrets.%0aTo display the secrets in another page, you can [[include( other pages)]] (parts of) the secrets page:%0aUsers with read access to the secrets will readily see them, whereas other users see nothing or (at your choosing) some other text, e.g. a login link.%0a-> ¹ Currently (version 2.2.99), these are: @@read@@ (would allow include), @@edit@@ (would show the source), @@attr@@ (would allow to obtain read/edit), @@diff@@ (would allow viewing any change), @@source@@ (allows raw source display)%0a%0aThe reason why [[Conditional Markup]] isn't suitable for access control is that it only applies for rendering wikitext as a web page, and that's just one of many ways to access a page's text.%0aIn order to rely on Conditional Markup for protection of secrets, you'd have to restrict all access methods that can circumvent it.%0aTo do so, you'd need to keep track of all methods available.%0aIn a default installation of PmWiki, some of the easy methods include: Editing a page, viewing its edit history, its source, or [[including fragments of it -> IncludeOtherPages]] into the edit preview of another page. (Preview: To avoid traces in @@RecentChanges@@.)%0aHowever, this list is far from exhaustive, and could easily grow with [[Recipes -> Cookbook/]] or future versions of PmWiki.%0a%0a
+time=1722399498
author	petko <petko@524c5546-5005-0410-9a3e-e25e191bd360>	2024-07-31 13:52:27 +0000
committer	petko <petko@524c5546-5005-0410-9a3e-e25e191bd360>	2024-07-31 13:52:27 +0000
commit	7ad14c4b20c2385e6b6352febcb5b927307afaf5 (patch)
tree	1864291f04ea7c55e99c3dad5b2fa50e809818e6 /wikilib.d
parent	0e14bed10d95dcbb0f5fa481415aba724f662a8d (diff)
download	pmwiki.svn-7ad14c4b20c2385e6b6352febcb5b927307afaf5.tar.bz2