In an older version of PHP a file_exists() call would issue a warning
when the file did not exist. This was fixed in later PHP releases. Since
we require PHP 5.3 now, there's no need to supress any error here
anymore. This might even give a minor performance boost.
Since Chrome 37, they send differen accept encodings for POST and GET
requests which will break BrowserUID checks as reported in
cosmocode/dokuwiki-plugin-oauth/issues/3
See https://code.google.com/p/chromium/issues/detail?id=410559 for
official bug report at Google
* origin/auth_getUserData_improvements:
KISS - remove class constants for REQUIRE_GROUPS & IGNORE_GROUPS and replace with boolean values
use $requireGroups constants in auth classes; comments; code improvements
fix comment errors, sp. & grammar
code styling - add missing braces
Allow user info to be retrieved without groups
Restore correct public interface of getUserData() for authldap plugin
Conflicts:
inc/common.php
Some parts of dokuwiki (e.g. recent changes, old revisions) can
requests lots of user info (to provide editor names) without
requiring any group information.
This change also implements caching of user info by authmysql &
authpgsql plugins to avoid repeated querying of the DB to retrieve
the same user information.
- %GROUP% & %USER% can now both be used in the same rule, e.g.
%GROUP%:%USER% 2
- rules with tokens will be skipped when the user is not logged in
previously %USER% was attempted
* 'FS#2751' of git://github.com/splitbrain/dokuwiki:
coding corrections. correct type hint, remove unused variable assignment
de/de-informal: localization updates (delete user function)
unit tests for self deleting of user accounts
FS#2751 - self deletion of user account
The current message confusingly mentions bad 'username' when username is not involved. The
new message is the same as that introduced for an incorrect current password on the self
delete profile form (FS#2751)
Added an explanation that what we do is like normal CBC but that we
additionally encrypt the IV which is actually suggested by the NIST for
non-random (but unique) IVs. In the decryption process it's not
necessary to decrypt the IV, this should save some time.
No need for HMAC here because there's no length attack vector here. We
only care for the existance of the file and each reset request is
completely (random) independent from each other.
