Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Configmgr improvements #186

Merged
merged 22 commits into from

6 participants

@Chris--S
Collaborator

all so far is pretty safe/minimal.

more is possible/likely

@splitbrain
Owner

I'd be fine with merging this right away, but since it's not really bug fixing it should probably wait til after the release?

@Chris--S
Collaborator

The second last commit is a bug, but one that would be very easy to replicate. The rest don't make a huge difference either way. As I say above, I'm (sort of) considering planning doing more, I put this up to hopefully get some discussion on ideas at a developer irc chat.

Chris--S and others added some commits
@Chris--S Chris--S change tpl_actiondropdown request method to 'get'
64b85cc
@Chris--S Chris--S remove security token from tpl_actiondropdown - its not necessary, we…
…'re not posting any system change
f2cf18d
@Chris--S Chris--S add security token back, but not for anonymous users
6acc112
@dom-mel dom-mel fixed auth_browseruid on IE9
IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation.
6b6c1ea
@arbrk1 arbrk1 Update inc/template.php
changed nonexistant actionOk to actionOK
853d4ca
@michitux michitux Fix handling of failed authentication loading
In the case of a failed authentication initialization, the
authentication setup was simply continued with an unset $auth object.
This restores the previous behavior (before merging #141) of simply
returning after unsetting $auth. Furthermore this re-introduces the
check if $auth is set before checking $auth and removes a useless
check if $auth is true (could never be false).
b623501
@michitux michitux Revert the search depth behavior changes from #154
This reverts parts of the changes from #154: Before merging the pull
request, a depth of 1 returned just the pages in the root namespace.
With the changes in the pull request, a depth of 1 also returned pages
in subnamespaces of the root namespace (as it was also tested in the test case).
This reverts this part of the changes and a depth of 1 returns just the
pages in the root namespace again.
e8baa22
@michitux michitux Fix remaining missing $INPUT uses FS#2577
This adds $INPUT in all places where it was still missing and available.
$INPUT is now also used in places where using $_REQUEST/... was okay in
order to make the code consistent.
9507770
@Chris--S Chris--S add unit test for pageinfo()
5ab3b77
@splitbrain little change to syntax we had on the life site
11a53a8
@michitux michitux Fix double encoding in rss syntax FS#2731
64e8e11
Lorenzo Radaelli Italian language update
a465568
@lainme lainme Simplified Chinese language update
3fe2803
@splitbrain fixed typos
bdac741
@Chris--S
Collaborator

hmm.

I did git cherry-pick to apply the xmlrpc caution fix to master, then rebased my local copy of this branch. Why does it end up like this (it wouldn't let me push without a merge) - listing all the patches from master and not simply removing the commit which now exists in master?

@splitbrain
Owner

From my experience:

  • never ever do a rebase on anything that has been pushed somewhere, it always ends up weird
  • a cherry picked patch has a different ID than the orginal patch and thus is treated as a different patch by git
  • cherry picked patches are usually detected just fine on a merge, so there's no need to "clean up" the feature branch for later merging
@Chris--S
Collaborator
@splitbrain
Owner

conflicts need to be resolved, but should be merged

@splitbrain
Owner

@Chris--S can you update this so it's mergable?

Chris--S added some commits
@Chris--S Chris--S Merge branch 'master' into configmgr_improvements
Conflicts:
	inc/auth.php
	inc/template.php
	lib/plugins/authad/lang/zh/settings.php
	lib/plugins/authldap/lang/en/settings.php
	lib/plugins/authldap/lang/zh/settings.php
	lib/plugins/authmysql/lang/zh/settings.php
	lib/plugins/config/settings/config.class.php
	lib/plugins/usermanager/admin.php
af07997
@Chris--S Chris--S Merge branch 'master' into configmgr_improvements
b8b64ed
@Chris--S
Collaborator

merge conflict removed. should be good to go...

@splitbrain splitbrain merged commit 4918284 into from
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Feb 18, 2013
  1. @Chris--S
  2. @Chris--S

    remove php_strip_whitespace() alternate, no longer required as php mi…

    Chris--S authored
    …n req't ensures its always present
  3. @Chris--S
  4. @Chris--S
  5. @Chris--S
  6. @Chris--S

    replace preset _cautionList property with _caution config metadata pa…

    Chris--S authored
    …rameter, plugins can now easily set cautions on their settings
Commits on Feb 24, 2013
  1. @Chris--S
  2. @Chris--S

    remove security token from tpl_actiondropdown - its not necessary, we…

    Chris--S authored
    …'re not posting any system change
  3. @Chris--S
  4. @dom-mel @Chris--S

    fixed auth_browseruid on IE9

    dom-mel authored Chris--S committed
    IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation.
  5. @arbrk1 @Chris--S

    Update inc/template.php

    arbrk1 authored Chris--S committed
    changed nonexistant actionOk to actionOK
  6. @michitux @Chris--S

    Fix handling of failed authentication loading

    michitux authored Chris--S committed
    In the case of a failed authentication initialization, the
    authentication setup was simply continued with an unset $auth object.
    This restores the previous behavior (before merging #141) of simply
    returning after unsetting $auth. Furthermore this re-introduces the
    check if $auth is set before checking $auth and removes a useless
    check if $auth is true (could never be false).
  7. @michitux @Chris--S

    Revert the search depth behavior changes from #154

    michitux authored Chris--S committed
    This reverts parts of the changes from #154: Before merging the pull
    request, a depth of 1 returned just the pages in the root namespace.
    With the changes in the pull request, a depth of 1 also returned pages
    in subnamespaces of the root namespace (as it was also tested in the test case).
    This reverts this part of the changes and a depth of 1 returns just the
    pages in the root namespace again.
  8. @michitux @Chris--S

    Fix remaining missing $INPUT uses FS#2577

    michitux authored Chris--S committed
    This adds $INPUT in all places where it was still missing and available.
    $INPUT is now also used in places where using $_REQUEST/... was okay in
    order to make the code consistent.
  9. @Chris--S

    add unit test for pageinfo()

    Chris--S authored
  10. @Chris--S

    little change to syntax we had on the life site

    authored Chris--S committed
  11. @michitux @Chris--S

    Fix double encoding in rss syntax FS#2731

    michitux authored Chris--S committed
  12. @Chris--S

    Italian language update

    Lorenzo Radaelli authored Chris--S committed
  13. @lainme @Chris--S

    Simplified Chinese language update

    lainme authored Chris--S committed
  14. @Chris--S

    fixed typos

    authored Chris--S committed
Commits on Jul 30, 2013
  1. @Chris--S

    Merge branch 'master' into configmgr_improvements

    Chris--S authored
    Conflicts:
    	inc/auth.php
    	inc/template.php
    	lib/plugins/authad/lang/zh/settings.php
    	lib/plugins/authldap/lang/en/settings.php
    	lib/plugins/authldap/lang/zh/settings.php
    	lib/plugins/authmysql/lang/zh/settings.php
    	lib/plugins/config/settings/config.class.php
    	lib/plugins/usermanager/admin.php
Commits on Aug 2, 2013
  1. @Chris--S
This page is out of date. Refresh to see the latest.
View
2  lib/plugins/authldap/lang/en/settings.php
@@ -20,4 +20,4 @@
$lang['deref_o_0'] = 'LDAP_DEREF_NEVER';
$lang['deref_o_1'] = 'LDAP_DEREF_SEARCHING';
$lang['deref_o_2'] = 'LDAP_DEREF_FINDING';
-$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
+$lang['deref_o_3'] = 'LDAP_DEREF_ALWAYS';
View
140 lib/plugins/config/settings/config.class.php
@@ -366,12 +366,11 @@ class setting {
var $_pattern = '';
var $_error = false; // only used by those classes which error check
var $_input = null; // only used by those classes which error check
+ var $_caution = null; // used by any setting to provide an alert along with the setting
+ // valid alerts, 'warning', 'danger', 'security'
+ // images matching the alerts are in the plugin's images directory
- var $_cautionList = array(
- 'basedir' => 'danger', 'baseurl' => 'danger', 'savedir' => 'danger', 'cookiedir' => 'danger', 'useacl' => 'danger', 'authtype' => 'danger', 'superuser' => 'danger', 'userewrite' => 'danger',
- 'start' => 'warning', 'camelcase' => 'warning', 'deaccent' => 'warning', 'sepchar' => 'warning', 'compression' => 'warning', 'xsendfile' => 'warning', 'renderer_xhtml' => 'warning', 'fnencode' => 'warning',
- 'allowdebug' => 'security', 'htmlok' => 'security', 'phpok' => 'security', 'iexssprotect' => 'security', 'remote' => 'security', 'fullpath' => 'security'
- );
+ static protected $_validCautions = array('warning','danger','security');
function setting($key, $params=null) {
$this->_key = $key;
@@ -473,8 +472,22 @@ function is_default() { return !$this->is_protected() && is_null($this->_local);
function error() { return $this->_error; }
function caution() {
- if (!array_key_exists($this->_key, $this->_cautionList)) return false;
- return $this->_cautionList[$this->_key];
+ if (!empty($this->_caution)) {
+ if (!in_array($this->_caution, setting::$_validCautions)) {
+ trigger_error('Invalid caution string ('.$this->_caution.') in metadata for setting "'.$this->_key.'"', E_USER_WARNING);
+ return false;
+ }
+ return $this->_caution;
+ }
+ // compatibility with previous cautionList
+ // TODO: check if any plugins use; remove
+ if (!empty($this->_cautionList[$this->_key])) {
+ $this->_caution = $this->_cautionList[$this->_key];
+ unset($this->_cautionList);
+
+ return $this->caution();
+ }
+ return false;
}
function _out_key($pretty=false,$url=false) {
@@ -659,10 +672,8 @@ function html(&$plugin, $echo=false) {
}
if (!class_exists('setting_email')) {
- if (!defined('SETTING_EMAIL_PATTERN')) define('SETTING_EMAIL_PATTERN','<^'.PREG_PATTERN_VALID_EMAIL.'$>');
class setting_email extends setting_string {
- var $_pattern = SETTING_EMAIL_PATTERN; // no longer required, retained for backward compatibility - FIXME, may not be necessary
var $_multiple = false;
var $_placeholders = false;
@@ -1107,96 +1118,39 @@ function _array2str($input) {
}
}
-/**
- * Provide php_strip_whitespace (php5 function) functionality
- *
- * @author Chris Smith <chris@jalakai.co.uk>
- */
-if (!function_exists('php_strip_whitespace')) {
-
- if (function_exists('token_get_all')) {
-
- if (!defined('T_ML_COMMENT')) {
- define('T_ML_COMMENT', T_COMMENT);
- } else {
- define('T_DOC_COMMENT', T_ML_COMMENT);
- }
+if (!class_exists('setting_regex')){
+ class setting_regex extends setting_string {
- /**
- * modified from original
- * source Google Groups, php.general, by David Otton
- */
- function php_strip_whitespace($file) {
- if (!@is_readable($file)) return '';
+ var $_delimiter = '/'; // regex delimiter to be used in testing input
+ var $_pregflags = 'ui'; // regex pattern modifiers to be used in testing input
- $in = join('',@file($file));
- $out = '';
+ /**
+ * update changed setting with user provided value $input
+ * - if changed value fails error check, save it to $this->_input (to allow echoing later)
+ * - if changed value passes error check, set $this->_local to the new value
+ *
+ * @param mixed $input the new value
+ * @return boolean true if changed, false otherwise (incl. on error)
+ */
+ function update($input) {
- $tokens = token_get_all($in);
+ // let parent do basic checks, value, not changed, etc.
+ $local = $this->_local;
+ if (!parent::update($input)) return false;
+ $this->_local = $local;
- foreach ($tokens as $token) {
- if (is_string ($token)) {
- $out .= $token;
- } else {
- list ($id, $text) = $token;
- switch ($id) {
- case T_COMMENT : // fall thru
- case T_ML_COMMENT : // fall thru
- case T_DOC_COMMENT : // fall thru
- case T_WHITESPACE :
- break;
- default : $out .= $text; break;
+ // see if the regex compiles and runs (we don't check for effectiveness)
+ $regex = $this->_delimiter . $input . $this->_delimiter . $this->_pregflags;
+ $lastError = error_get_last();
+ $ok = @preg_match($regex,'testdata');
+ if (preg_last_error() != PREG_NO_ERROR || error_get_last() != $lastError) {
+ $this->_input = $input;
+ $this->_error = true;
+ return false;
}
- }
- }
- return ($out);
- }
-
- } else {
-
- function is_whitespace($c) { return (strpos("\t\n\r ",$c) !== false); }
- function is_quote($c) { return (strpos("\"'",$c) !== false); }
- function is_escaped($s,$i) {
- $idx = $i-1;
- while(($idx>=0) && ($s{$idx} == '\\')) $idx--;
- return (($i - $idx + 1) % 2);
- }
-
- function is_commentopen($str, $i) {
- if ($str{$i} == '#') return "\n";
- if ($str{$i} == '/') {
- if ($str{$i+1} == '/') return "\n";
- if ($str{$i+1} == '*') return "*/";
- }
-
- return false;
- }
-
- function php_strip_whitespace($file) {
-
- if (!@is_readable($file)) return '';
- $contents = join('',@file($file));
- $out = '';
-
- $state = 0;
- for ($i=0; $i<strlen($contents); $i++) {
- if (!$state && is_whitespace($contents{$i})) continue;
-
- if (!$state && ($c_close = is_commentopen($contents, $i))) {
- $c_open_len = ($contents{$i} == '/') ? 2 : 1;
- $i = strpos($contents, $c_close, $i+$c_open_len)+strlen($c_close)-1;
- continue;
- }
-
- $out .= $contents{$i};
- if (is_quote($contents{$i})) {
- if (($state == $contents{$i}) && !is_escaped($contents, $i)) { $state = 0; continue; }
- if (!$state) {$state = $contents{$i}; continue; }
- }
+ $this->_local = $input;
+ return true;
}
-
- return $out;
}
- }
}
View
55 lib/plugins/config/settings/config.metadata.php
@@ -34,6 +34,9 @@
* 'array' - a simple (one dimensional) array of string values, shown as comma separated list in the
* config manager but saved as PHP array(). Values may not contain commas themselves.
* _pattern matching on the array values supported.
+ * 'regex' - regular expression string, normally without delimiters; as for string, in addition tested
+ * to see if will compile & run as a regex. in addition to _pattern, also accepts _delimiter
+ * (default '/') and _pregflags (default 'ui')
*
* Single Setting (source: settings/extra.class.php)
* -------------------------------------------------
@@ -43,10 +46,13 @@
* 'im_convert' - as 'setting', input must exist and be an im_convert module
* 'disableactions' - as 'setting'
* 'compression' - no additional parameters. checks php installation supports possible compression alternatives
+ * 'licence' - as multichoice, selection constructed from licence strings in language files
+ * 'renderer' - as multichoice, selection constructed from enabled renderer plugins which canRender()
*
* Any setting commented or missing will use 'setting' class - text input, minimal validation, quoted output
*
* Defined parameters:
+ * '_caution' - no value (default) or 'warning', 'danger', 'security'. display an alert along with the setting
* '_pattern' - string, a preg pattern. input is tested against this pattern before being accepted
* optional all classes, except onoff & multichoice which ignore it
* '_choices' - array of choices. used to populate a selection box. choice will be replaced by a localised
@@ -59,6 +65,9 @@
* '_code' - encoding method to use, accepted values: 'base64','uuencode','plain'. defaults to plain.
* '_min' - minimum numeric value, optional for 'numeric' and 'numericopt', ignored by others
* '_max' - maximum numeric value, optional for 'numeric' and 'numericopt', ignored by others
+ * '_delimiter' - string, default '/', a single character used as a delimiter for testing regex input values
+ * '_pregflags' - string, default 'ui', valid preg pattern modifiers used when testing regex input values, for more
+ * information see http://uk1.php.net/manual/en/reference.pcre.pattern.modifiers.php
* '_multiple' - bool, allow multiple comma separated email values; optional for 'email', ignored by others
*
* @author Chris Smith <chris@jalakai.co.uk>
@@ -83,26 +92,26 @@
$meta['_basic'] = array('fieldset');
$meta['title'] = array('string');
-$meta['start'] = array('string','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces
+$meta['start'] = array('string','_caution' => 'warning','_pattern' => '!^[^:;/]+$!'); // don't accept namespaces
$meta['lang'] = array('dirchoice','_dir' => DOKU_INC.'inc/lang/');
$meta['template'] = array('dirchoice','_dir' => DOKU_INC.'lib/tpl/','_pattern' => '/^[\w-]+$/');
$meta['tagline'] = array('string');
$meta['sidebar'] = array('string');
$meta['license'] = array('license');
-$meta['savedir'] = array('savedir');
-$meta['basedir'] = array('string');
-$meta['baseurl'] = array('string');
-$meta['cookiedir'] = array('string');
+$meta['savedir'] = array('savedir','_caution' => 'danger');
+$meta['basedir'] = array('string','_caution' => 'danger');
+$meta['baseurl'] = array('string','_caution' => 'danger');
+$meta['cookiedir'] = array('string','_caution' => 'danger');
$meta['dmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation
$meta['fmode'] = array('numeric','_pattern' => '/0[0-7]{3,4}/'); // only accept octal representation
-$meta['allowdebug'] = array('onoff');
+$meta['allowdebug'] = array('onoff','_caution' => 'security');
$meta['_display'] = array('fieldset');
$meta['recent'] = array('numeric');
$meta['recent_days'] = array('numeric');
$meta['breadcrumbs'] = array('numeric','_min' => 0);
$meta['youarehere'] = array('onoff');
-$meta['fullpath'] = array('onoff');
+$meta['fullpath'] = array('onoff','_caution' => 'security');
$meta['typography'] = array('multichoice','_choices' => array(0,1,2));
$meta['dformat'] = array('string');
$meta['signature'] = array('string');
@@ -111,19 +120,19 @@
$meta['tocminheads'] = array('multichoice','_choices' => array(0,1,2,3,4,5,10,15,20));
$meta['maxtoclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5));
$meta['maxseclevel'] = array('multichoice','_choices' => array(0,1,2,3,4,5)); // 0 for no sec edit buttons
-$meta['camelcase'] = array('onoff');
-$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2));
+$meta['camelcase'] = array('onoff','_caution' => 'warning');
+$meta['deaccent'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'warning');
$meta['useheading'] = array('multichoice','_choices' => array(0,'navigation','content',1));
$meta['sneaky_index'] = array('onoff');
-$meta['hidepages'] = array('string');
+$meta['hidepages'] = array('regex');
$meta['_authentication'] = array('fieldset');
-$meta['useacl'] = array('onoff');
+$meta['useacl'] = array('onoff','_caution' => 'danger');
$meta['autopasswd'] = array('onoff');
-$meta['authtype'] = array('authtype');
+$meta['authtype'] = array('authtype','_caution' => 'danger');
$meta['passcrypt'] = array('multichoice','_choices' => array('smd5','md5','apr1','sha1','ssha','lsmd5','crypt','mysql','my411','kmd5','pmd5','hmd5','mediawiki','bcrypt','djangomd5','djangosha1','sha512'));
$meta['defaultgroup']= array('string');
-$meta['superuser'] = array('string');
+$meta['superuser'] = array('string','_caution' => 'danger');
$meta['manager'] = array('string');
$meta['profileconfirm'] = array('onoff');
$meta['rememberme'] = array('onoff');
@@ -132,7 +141,7 @@
'_combine' => array('subscription' => array('subscribe','unsubscribe'), 'wikicode' => array('source','export_raw')));
$meta['auth_security_timeout'] = array('numeric');
$meta['securecookie'] = array('onoff');
-$meta['remote'] = array('onoff');
+$meta['remote'] = array('onoff','_caution' => 'security');
$meta['remoteuser'] = array('string');
$meta['_anti_spam'] = array('fieldset');
@@ -140,12 +149,12 @@
$meta['relnofollow'] = array('onoff');
$meta['indexdelay'] = array('numeric');
$meta['mailguard'] = array('multichoice','_choices' => array('visible','hex','none'));
-$meta['iexssprotect']= array('onoff');
+$meta['iexssprotect']= array('onoff','_caution' => 'security');
$meta['_editing'] = array('fieldset');
$meta['usedraft'] = array('onoff');
-$meta['htmlok'] = array('onoff');
-$meta['phpok'] = array('onoff');
+$meta['htmlok'] = array('onoff','_caution' => 'security');
+$meta['phpok'] = array('onoff','_caution' => 'security');
$meta['locktime'] = array('numeric');
$meta['cachetime'] = array('numeric');
@@ -184,20 +193,20 @@
$meta['_advanced'] = array('fieldset');
$meta['updatecheck'] = array('onoff');
-$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2));
+$meta['userewrite'] = array('multichoice','_choices' => array(0,1,2),'_caution' => 'danger');
$meta['useslash'] = array('onoff');
-$meta['sepchar'] = array('sepchar');
+$meta['sepchar'] = array('sepchar','_caution' => 'warning');
$meta['canonical'] = array('onoff');
-$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8'));
+$meta['fnencode'] = array('multichoice','_choices' => array('url','safe','utf-8'),'_caution' => 'warning');
$meta['autoplural'] = array('onoff');
$meta['compress'] = array('onoff');
$meta['cssdatauri'] = array('numeric','_pattern' => '/^\d+$/');
$meta['gzip_output'] = array('onoff');
$meta['send404'] = array('onoff');
-$meta['compression'] = array('compression');
+$meta['compression'] = array('compression','_caution' => 'warning');
$meta['broken_iua'] = array('onoff');
-$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3));
-$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml'));
+$meta['xsendfile'] = array('multichoice','_choices' => array(0,1,2,3),'_caution' => 'warning');
+$meta['renderer_xhtml'] = array('renderer','_format' => 'xhtml','_choices' => array('xhtml'),'_caution' => 'warning');
$meta['readdircache'] = array('numeric');
$meta['_network'] = array('fieldset');
Something went wrong with that request. Please try again.