From ec1453ee447df266cae850632d7e1a7fc8917857 Mon Sep 17 00:00:00 2001 From: rurban Date: Sat, 1 May 2004 16:04:56 +0000 Subject: [PATCH] rewording, php-4.0.6 fixes, Log removed from index.php git-svn-id: svn://svn.code.sf.net/p/phpwiki/code/trunk@3412 96ab9672-09ca-45d6-a79d-3d69d39ca109 --- INSTALL | 44 +++++------ SOAP.php | 4 +- index.php | 217 +----------------------------------------------------- 3 files changed, 28 insertions(+), 237 deletions(-) diff --git a/INSTALL b/INSTALL index afb9147a8..82cf39325 100644 --- a/INSTALL +++ b/INSTALL @@ -2,10 +2,11 @@ REQUIREMENTS PhpWiki requires a web server with PHP version 4.0.4pl1 or greater and a database application. - (PhpWiki uses the array_search() function which is present only in PHP version 4.0.4pl1 / 4.0.5 or greater.) + Latest tests showed, that it requires at least 4.0.6 --rurban + Due to a security issue found in all versions of PHP (including 3.x and 4.x), all users of PHP are strongly encouraged to either upgrade to PHP 4.2.2, or install a patch available for PHP 3.0.18, 4.0.6 and @@ -17,35 +18,37 @@ error like "function preg_replace() not defined." PHP must also be compiled with support for the type of database you want to use, i.e. --with-gdbm, --with-db2, --with-db3, --with-msql, ---with-pgsql. (With PHP4 MySQL support is always enabled). Consult the -PHP installation manual for specific installation and configure -options. +--with-pgsql. (With PHP4 MySQL support is always enabled. With PHP5 +sqlite instead). Consult the PHP installation manual for specific +installation and configure options. + Since version 1.3.0 PhpWiki uses the 'DB.php' from PEAR, a database abstraction layer which is part of PHP. PhpWiki version 1.3.3 and later -includes the necessary PEAR library and will use it instead of any -PEAR library which may already be present on your system. For more -information about PEAR see . +includes the necessary PEAR libraries and will use it if your system +PEAR library can not be found. For more information about PEAR +see . You'd need to set allow_call_time_pass_reference = On in php.ini -or .htaccess +or .htaccess: + php_value allow_call_time_pass_reference 1 QUICK START INSTRUCTIONS Copy 'config/config-dist.ini' to 'config/config.ini' and edit the settings in 'config/config.ini' to your liking. -By default PhpWiki is configured to use a flatfile database. If there -is no dbm on your system, you will see an error like this the first +By default PhpWiki is configured to use a dba database. If there +is no dba on your system, you will see an error like this the first time you try to use PhpWiki: "Fatal error: Call to undefined function: dba_open() in phpwiki/lib/DbaDatabase.php on line 32" -To correct this you will have to install a dbm package or preferably -an sql-compatible database such as MySQL or PostgreSQL and make the -necessary configuration changes to 'config/config.ini'. - +To correct this you will have to check the available dba handlers +(default: db3 for Windows, otherwise gdbm), install the dba extension +or preferably an sql-compatible database such as MySQL or PostgreSQL +and make the necessary configuration changes to 'lib/config/config.ini'. INSTRUCTIONS @@ -74,10 +77,10 @@ The first time you run this Wiki it will load a set of basic pages from the 'pgsrc/' directory. These should be enough to get your Wiki started. -PhpWiki will create some DBM files in '/tmp'. They contain the pages +PhpWiki will create some DBA files in '/tmp'. They contain the pages of the live site, archived pages, and some additional information. -If you don't want the DBM files to live in '/tmp' you must make sure +If you don't want the DBA files to live in '/tmp' you must make sure the web server can read/write to your chosen location. It's probably a bad idea to leave it in '/tmp', so change it in 'config/config.ini'. @@ -86,10 +89,10 @@ WARNING: on many systems, files in '/tmp' are subject to periodic another directory. For example, create a subdirectory called 'pages' in the 'phpwiki' -directory which was made when you untarred PhpWiki. Move the DBM files +directory which was made when you untarred PhpWiki. Move the DBA files there. The files should already have proper rights and owners, as they were created by the web server. If not, change the permissions -accordingly so your web server can read / write the DBM files. Note +accordingly so your web server can read / write the DBA files. Note that you must be root to move files created by the web server. Next you must ensure that the web server can access the 'pages' @@ -100,7 +103,7 @@ bash$ chown nobody:youraccount pages bash$ chmod 755 pages This is necessary so that the server can also create / set the -database lock file (PHP has a built in locking mechanism for DBM file +database lock file (PHP has a built in locking mechanism for DBA file access). Or if you're really lazy and don't worry much about security: @@ -110,7 +113,6 @@ Note: This is insecure. The proper way is to let the directory be owned by the web servers GUID and give it read and write access. - 2. ALLOWING EMBEDDED HTML PhpWiki ships with this feature disabled by default. According to @@ -153,4 +155,4 @@ You can join this list at: FIN -$Id: INSTALL,v 1.20 2004-04-20 22:45:39 zorloc Exp $ \ No newline at end of file +$Id: INSTALL,v 1.21 2004-05-01 16:04:56 rurban Exp $ \ No newline at end of file diff --git a/SOAP.php b/SOAP.php index c3bb5959b..a55824b4b 100644 --- a/SOAP.php +++ b/SOAP.php @@ -16,7 +16,7 @@ */ define ("WIKI_SOAP", "true"); -include_once("my-index.php"); +include_once("./index.php"); include_once("lib/main.php"); require_once('lib/nusoap/nusoap.php'); @@ -41,6 +41,8 @@ function checkCredentials(&$server, &$credentials, $access, $pagename) { $line = base64_decode(str_replace("Basic ","",trim($server->header['Authorization']))); list($credentials['username'],$credentials['password']) = explode(':',$line); } else { + if (!isset($_SERVER)) + $_SERVER =& $GLOBALS['HTTP_SERVER_VARS']; // TODO: where in the header is the client IP if (!isset($credentials['username'])) { if (isset($_SERVER['REMOTE_ADDR'])) diff --git a/index.php b/index.php index 08da8ce77..00cebb0be 100644 --- a/index.php +++ b/index.php @@ -1,13 +1,6 @@ pref option -// -// Revision 1.138 2004/04/12 12:27:07 rurban -// more notes and themes -// -// Revision 1.137 2004/04/11 10:42:02 rurban -// pgsrc/CreatePagePlugin -// -// Revision 1.136 2004/04/10 04:14:13 rurban -// sf.net 906436 Suggestion -// -// Revision 1.135 2004/04/10 03:33:03 rurban -// Oops revert -// -// Revision 1.134 2004/04/10 02:55:48 rurban -// fixed old WikiUser -// -// Revision 1.133 2004/04/08 01:22:53 rurban -// fixed PageChange Notification -// -// Revision 1.132 2004/04/01 15:57:10 rurban -// simplified Sidebar theme: table, not absolute css positioning -// added the new box methods. -// remaining problems: large left margin, how to override _autosplitWikiWords in Template only -// -// Revision 1.131 2004/03/14 16:24:35 rurban -// authenti(fi)cation spelling -// -// Revision 1.130 2004/03/09 17:16:43 rurban -// fixed $LDAP_SET_OPTION -// -// Revision 1.129 2004/02/29 04:10:55 rurban -// new POP3 auth (thanks to BiloBilo: pentothal at despammed dot com) -// fixed syntax error in index.php -// -// Revision 1.128 2004/02/29 02:06:05 rurban -// And this is the SOAP server. Just a view methods for now. (page content) -// I would like to see common-wiki soap wdsl. -// -// "SOAP is a bloated, over engineered mess of a perfectly trivial concept. Sigh." -// -- http://www.wlug.org.nz/SOAP -// -// Revision 1.127 2004/02/28 21:18:29 rurban -// new SQL auth_create, don't ever use REPLACE sql calls! -// moved HttpAuth to the end of the chain -// PrettyWiki enabled again -// -// Revision 1.126 2004/02/27 16:27:48 rurban -// REPLACE is a dirty hack, and erases passwd btw. -// -// Revision 1.125 2004/02/24 02:51:57 rurban -// release 1.3.8 ready -// -// Revision 1.124 2004/02/16 00:20:30 rurban -// new Japanses language -// -// Revision 1.123 2004/02/09 03:58:07 rurban -// for now default DB_SESSION to false -// PagePerm: -// * not existing perms will now query the parent, and not -// return the default perm -// * added pagePermissions func which returns the object per page -// * added getAccessDescription -// WikiUserNew: -// * added global ->prepare (not yet used) with smart user/pref/member table prefixing. -// * force init of authdbh in the 2 db classes -// main: -// * fixed session handling (not triple auth request anymore) -// * don't store cookie prefs with sessions -// stdlib: global obj2hash helper from _AuthInfo, also needed for PagePerm -// -// Revision 1.122 2004/02/07 14:20:18 rurban -// consistent mysql schema with index.php (userid) -// -// Revision 1.121 2004/02/07 10:41:25 rurban -// fixed auth from session (still double code but works) -// fixed GroupDB -// fixed DbPassUser upgrade and policy=old -// added GroupLdap -// -// Revision 1.120 2004/02/03 09:45:39 rurban -// LDAP cleanup, start of new Pref classes -// -// Revision 1.119 2004/02/01 09:14:10 rurban -// Started with Group_Ldap (not yet ready) -// added new _AuthInfo plugin to help in auth problems (warning: may display passwords) -// fixed some configurator vars -// renamed LDAP_AUTH_SEARCH to LDAP_BASE_DN -// changed PHPWIKI_VERSION from 1.3.8a to 1.3.8pre -// USE_DB_SESSION defaults to true on SQL -// changed GROUP_METHOD definition to string, not constants -// changed sample user DBAuthParams from UPDATE to REPLACE to be able to -// create users. (Not to be used with external databases generally, but -// with the default internal user table) -// -// fixed the IndexAsConfigProblem logic. this was flawed: -// scripts which are the same virtual path defined their own lib/main call -// (hmm, have to test this better, phpwiki.sf.net/demo works again) -// -// Revision 1.118 2004/01/28 14:34:13 rurban -// session table takes the common prefix -// + various minor stuff -// reallow password changing -// -// Revision 1.117 2004/01/27 23:25:50 rurban -// added new tables to mysql schema -// fixed default DBAUthParam samples to match these -// added group constants (look terrible, I'd prefer strings instead of constants) -// -// Revision 1.116 2004/01/25 04:21:02 rurban -// WikiUserNew support (temp. ENABLE_USER_NEW constant) -// -// Revision 1.115 2003/12/22 04:58:11 carstenklapp -// Incremented release version. -// -// Revision 1.114 2003/12/05 16:00:42 carstenklapp -// ACK! gettext is not available at this point in index.php. -// -// Revision 1.113 2003/12/05 15:51:37 carstenklapp -// Added note that use of the configurator is depreciated. -// -// Enable localization/gettextification of $KeywordLinkRegexp. (Also, now -// users not familiar with regex can more easily just edit the $keywords -// array). -// -// Added four new constants to define author and copyright link rel~s -// used in html head. This makes it easier to run multiple wikis off of -// one set of code. -// -// Eliminated RECENT_CHANGES constant for RSS auto discovery because it's -// another step to watch out for when running a non-english wiki. Now -// simply defined as _("RecentChanges") in head.tmpl itself. Non-standard -// wikis where the RecentChanges page has been named to something else -// will have to modify this in head.tmpl (along with all other places the -// word RecentChanges appears in the code, something that already would -// have had to be done on such a wiki anyway). -// -// Added a little more info and instructions to flesh out: -// DEBUG, WIKI_NAME, ADMIN_USER, $DisabledActions, $DBParams, CHARSET. -// -// A few typos and spelling mistakes corrected, and some text rewrapped. -// -// Revision 1.112 2003/11/17 15:49:21 carstenklapp -// Updated version number to 1.3.7pre (beyond current release -// 1.3.6). Disabled DEBUG output by default (hide DebugInfo, XHTML & -// CSS validator buttons). Note the DebugInfo button remains visible -// for the Admin, and can be accessed by anyone else by adding -// "?action=DebugInfo" to the URL for the occasional use. -// -// Revision 1.111 2003/03/18 21:40:04 dairiki -// Copy Lawrence's memo on USE_PATH_INFO/AcceptPathInfo to configurator.php -// (as promised). -// -// Plus slight clarification of default (auto-detect) behavior. -// -// Revision 1.110 2003/03/18 20:51:10 lakka -// Revised comments on use of USE_PATH_INFO with Apache 2 -// -// Revision 1.109 2003/03/17 21:24:50 dairiki -// Fix security bugs in the RawHtml plugin. -// -// Change the default configuration to allow use of plugin, since -// I believe the plugin is now safe for general use. (Raw HTML will only -// work on locked pages.) -// -// Revision 1.108 2003/03/07 22:47:01 dairiki -// A few more if(!defined(...))'s -// -// Revision 1.107 2003/03/07 20:51:54 dairiki -// New feature: Automatic extraction of keywords (for the meta keywords tag) -// from Category* and Topic* links on each page. -// -// Revision 1.106 2003/03/07 02:48:23 dairiki -// Add option to prevent HTTP redirect. -// -// Revision 1.105 2003/03/04 02:08:08 dairiki -// Fix and document the WIKIDB_NOCACHE_MARKUP config define. -// -// Revision 1.104 2003/02/26 02:55:52 dairiki -// New config settings in index.php to control cache control strictness. -// -// Revision 1.103 2003/02/22 19:43:50 dairiki -// Fix comment regarding connecting to SQL server over a unix socket. -// -// Revision 1.102 2003/02/22 18:53:38 dairiki -// Renamed method Request::compress_output to Request::buffer_output. -// -// Added config option to disable compression. -// -// Revision 1.101 2003/02/21 19:29:30 dairiki -// Update PHPWIKI_VERSION to 1.3.5pre. -// -// Revision 1.100 2003/01/04 03:36:58 wainstead -// Added 'file' as a database type alongside 'dbm'; added cvs log tag -// +//include (dirname(__FILE__)."/lib/main.php"); // (c-file-style: "gnu") // Local Variables: -- 2.45.0