darcs changes 2009-02-01

Good Morning!

This are the darcs changes for DokuWiki committed
yesterday. Please test them and report bugs.

---------------------------------------------------------------------
Sun Feb  1 01:00:01 CET 2009  Andreas Gohr <andi[at]splitbrain.org>
  tagged develsnap 2009-02-01
---------------------------------------------------------------------

Single patches can be downloaded from
http://dev.splitbrain.org/darcs/index.cgi/dokuwiki/?c=patches

Bye,
your darcs changelog mailer

--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Re: Recent Changes for only a specific namespace?

Multitemplate_styleman plugin gets buggy with last RC

Re: Multitemplate_styleman plugin gets buggy with last RC

Re: Multitemplate_styleman plugin gets buggy with last RC

> This is rather strange because this is due to upgrading process, not to the
> template itself (that has NO new release !) or the dokuwiki release that
> were both working fine together untill I tryed the "upgrade" button.
>
> For now I had to abandon multitemplate for a template common to all pages
> 
>
> What can be done to that ?
>
> Hugo
>

Hi Hugo,

With regards to the multitemplate template and other software on my site...

Please try to be patient, I simply have not had the time yet to
investigate what changes need to made.

Multitemplate itself is fairly generic though, I doubt it needs any
changes to begin with.
-- 
--Terence J. Grant
--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Re: XSS Vulnerability - Update your discussion plugins!

Hello Michael,

First of all, thank for having fixed this vulnerability.
I followed you recommendation and I upgraded your plugin to 2009-01-31
version. However I had a strange problem that seams linked to this
upgrade:
Since the upgrade I got lot of spam on my discussions threads although
I well activated the CAPTCHA protection. I don't know if I'm alone
with this problem and I don't know if it's really related to this
upgrade but I would be very welcomed if you could check if your
modifications could break something on the CAPTCHA protection.

regards,
Stéphane Gully

On Sat, Jan 31, 2009 at 4:42 PM, Michael Klier <chi <at> chimeric.de> wrote:
> Hi,
>
> there's been a XSS vulnerability discovered in the discussion plugin [1],
> which allowed users to post "evil" URLs, which could be used to perform XSS
> attacks. A fixed version of the plugin is available as of today!
>
> Everybody who is using this plugin is highly encouraged to update to the
> latest version (2009-01-31)!
>
> Many thanks to the Oracle Ethical Hacking Team for reporting the prolem!
>
> Best Regards,
>        Michael Klier
>
> [1] http://dokuwiki.org/plugin:discussion
>
> --
> Michael Klier
>
> www:    http://www.chimeric.de
> jabber: chi <at> jabber.shipdown.de
> key:    http://downloads.chimeric.de/chi.asc
> key-id: 0x8308F551
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJhHFZAuL1i4MI9VERAsQ3AJ9JCHANQ2GuNqS8ᾝ὆寨̛�⟖壥
> NqFA5y3oK47CozpAdnm/bzI=
> =2ZBP
> -----END PGP SIGNATURE-----
>
>
--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

Re: XSS Vulnerability - Update your discussion plugins!

On Mon, Feb 02, 2009 at 07:59:16AM +0100, Stéphane Gully wrote:
> First of all, thank for having fixed this vulnerability.
> I followed you recommendation and I upgraded your plugin to 2009-01-31
> version. However I had a strange problem that seams linked to this
> upgrade:
> Since the upgrade I got lot of spam on my discussions threads although
> I well activated the CAPTCHA protection. I don't know if I'm alone
> with this problem and I don't know if it's really related to this
> upgrade but I would be very welcomed if you could check if your
> modifications could break something on the CAPTCHA protection.

Ah, that little detail slipped through somehow :/. You also have to upgrade
the captcha plugin, as the new discussion plugin is only compatible to the
latest version of the captcha plugin (2008-01-03) and vice versa.

Regards,
	Michael

--

-- 
Michael Klier

www:    http://www.chimeric.de
jabber: chi <at> jabber.shipdown.de
key:    http://downloads.chimeric.de/chi.asc
key-id: 0x8308F551

Re: XSS Vulnerability - Update your discussion plugins!

Thank you  Michael !
I think I don't receive any spam now.
regards,
Stéphane Gully

On Mon, Feb 2, 2009 at 8:05 AM, Michael Klier <chi <at> chimeric.de> wrote:
> On Mon, Feb 02, 2009 at 07:59:16AM +0100, Stéphane Gully wrote:
>> First of all, thank for having fixed this vulnerability.
>> I followed you recommendation and I upgraded your plugin to 2009-01-31
>> version. However I had a strange problem that seams linked to this
>> upgrade:
>> Since the upgrade I got lot of spam on my discussions threads although
>> I well activated the CAPTCHA protection. I don't know if I'm alone
>> with this problem and I don't know if it's really related to this
>> upgrade but I would be very welcomed if you could check if your
>> modifications could break something on the CAPTCHA protection.
>
> Ah, that little detail slipped through somehow :/. You also have to upgrade
> the captcha plugin, as the new discussion plugin is only compatible to the
> latest version of the captcha plugin (2008-01-03) and vice versa.
>
> Regards,
>        Michael
>
> --
> Michael Klier
>
> www:    http://www.chimeric.de
> jabber: chi <at> jabber.shipdown.de
> key:    http://downloads.chimeric.de/chi.asc
> key-id: 0x8308F551
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFJhpshAuL1i4MI9VERAgR1AJ9hJ88dx9PQOND4sQoy8a1S+utUfwCfcpVZ
> OVNlwk/MfdIKPQKihRQh5ws=
> =jQzW
> -----END PGP SIGNATURE-----
>
>
--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

invoke mediamanager in a plugin

Does anyone know how/if I can use the media-manager to fill an input field
in a form created by a plugin [kind of an addition to the bureaucracy
plugin]?

After spending some time searching dowkuwiki.org/freelists/source code I
obvisouly didn't get it.
I can fire the mediamanager in a form with an onclick (or other) event.
But I do not know how to do a proper set up so that clicking an image in
the mediamanager fills the field I want (how do I specify the element
id, the opener window id?) then close the pop-up window.

I got 2 errors in the browser console:
1) this.editor is null - on mediamanager  window creation
2) opener.insertTags is not a function - when I click an img in media
manager

Thanks!
Stephane

--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

me and feedparsing - next question

Hi,

I rewrote the plugin mentioned in my last mail and wrote a new one
including SimplePie.php. Works great, only that I want the Dilbert daily
cartoon now, and feedburner dislikes SimplePie... Took a while until I
got it working, but it runs nearly fine now.

I get as $item->get_permalink() something like
'http://feedproxy.google.com/~r/DilbertDailyStrip/~3/3Ds_eCGi5XM/', and
build a string like
'[[http://dilbert.com/|{{http://feedproxy.google.com/~r/DilbertDailyStrip/~3/3Ds_eCGi5XM/}}]]'.

The following code is ($dings is the string):
if (!function_exists('p_get_instructions'))
    require_once(DOKU_INC . 'inc/parserutils.php');
$instruc = p_get_instructions($dings);
$myinfo  = array();
$retval  = p_render('xhtml', $instruc, $myinfo);

The page only shows (in the source code):

<a href="http://dilbert.com/" class="media" target="echstern"
title="http://dilbert.com/"  rel="nofollow">3Ds_eCGi5XM</a>

Okay, except for the text - this should be a picture! I had output of
print_r($instruc, true) included in the page, and it shows - among others:

[2] => Array
        (
            [0] => externallink
            [1] => Array
                (
                    [0] => http://dilbert.com/
                    [1] => Array
                        (
                            [type] => externalmedia
                            [src] =>
http://feedproxy.google.com/~r/DilbertDailyStrip/~3/3Ds_eCGi5XM/
                            [title] =>
                            [align] =>
                            [width] =>
                            [height] =>
                            [cache] => cache
                            [linking] => details
                        )

                )

            [2] => 1
        )

So - for my understanding - the code is parsed as it should, but the
renderer is somewhat shortening...

The complete code of the plugin plus the complete output of $instruc can
be found on <http://www.wernerflamme.name/doku.php?id=comp:en:dilbert>.

BTW, when I copy the content of $dings [[http://...|{{http://..}}]] in a
DW page manually, the same thing happens, the same text in the page
source instead of the picture.

Regards,
Werner
--

-- 
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist