minor comment fix

revise INSECURE_ACTIONS_LOCALHOST_ONLY actions

add INSECURE_ACTIONS_LOCALHOST_ONLY. advanced security settings

change rename action from access perm change to edit: allow the signed in user to rename.

fix for mult. group membership: not a member and undecided: check other groups

unify message

support captcha

just comments

several fixes and suggestions by Charles Corrigan:
* fix GROUP_BOGO_USER check
* allow group pages to have the link to the user page in [ ] brackets
* fix up the implementation of GroupWikiPage::getMembersOf and allow the
  user page to be linked in [ ] brackets
* added _OWNER and _CREATOR to special wikigroups
* check against those two for group membership also, not only the user.

remove final \n to be ob_cache independent

don't load PagePerm on ENABLE_PAGEPERM = false to save memory. Move mayAccessPage() to main.php

seperate PassUser methods into seperate dir (memory usage)
fix WikiUser (old) overlarge data session
remove wikidb arg from various page class methods, use global ->_dbi instead
...

fix another reecursion loop when . exists: deny if ACL not defined; implement pageperm cache

avoid recursion bug on setacl for "."

fix and warn on too restrictive ACL handling without ACL in existing . (dotpage)

fix interesting PagePerm problem: -1 == true

fixed implicit PersonalPage login (e.g. on edit), fixed to check against create ACL on create, not edit

WikiGroup refactoring:
  global group attached to user, code for not_current user.
  improved helpers for special groups (avoid double invocations)
new experimental config option ENABLE_XHTML_XML (fails with IE, and document.write())
fixed a XHTML validation error on userprefs.tmpl

Disallow refernces in calls if the declaration is a reference
("allow_call_time_pass_reference clean").
  PhpWiki is now allow_call_time_pass_reference = Off clean,
  but several external libraries may not.
  In detail these libs look to be affected (not tested):
  * Pear_DB odbc
  * adodb oracle

renamed global $Theme to $WikiTheme (gforge nameclash)
inherit PageList default options from PageList
  default sortby=pagename
use options in PageList_Selectable (limit, sortby, ...)
added action revert, with button at action=diff
added option regex to WikiAdminSearchReplace

some comments only

better acl dump representation, read back acl and owner

simplified admin action shortcuts

added simplified chown, setacl actions

add acl field to mimified dump

support for SetAclSimple

fixed PagePerm non-object problem (mayAccessPage), also bug #967150

renamed DB_Session to DbSession (in CVS also)
added WikiDB->getParam and WikiDB->getAuthParam method to get rid of globals
remove leading slash in error message
added force_unlock parameter to File_Passwd (no return on stale locks)
fixed adodb session AffectedRows
added FileFinder helpers to unify local filenames and DATA_PATH names
editpage.php: new edit toolbar javascript on ENABLE_EDIT_TOOLBAR

update_locale wrongly resetted LANG, which broke japanese.
japanese now correctly uses EUC_JP, not utf-8.
more charset and lang headers to help the browser.

setacl icons

check more config-default and predefined constants
various PagePerm fixes:
  fix default PagePerms, esp. edit and view for Bogo and Password users
  implemented Creator and Owner
  BOGOUSERS renamed to BOGOUSER
fixed syntax errors in signin.tmpl

fixed important WikiDB bug with DEBUG > 0: wrong assertion
improved SetAcl (works) and PagePerms, some WikiGroup helpers.

fix some too loose PagePerms for signed, but not authenticated users
 (admin, owner, creator)
no double login page header, better login msg.
moved action_pdf to lib/pdf.php

more pdf support

limit user session data (HomePageHandle and auth_dbi have to invalidated anyway)
  because they will not survive db sessions, if too large.
extended action=upgrade
some WikiTranslation button work
revert WIKIAUTH_UNOBTAINABLE (need it for main.php)
some temp. session debug statements

Slightly more elegant fix.  Instead of WIKIAUTH_FORBIDDEN, the current user's level + 1 is returned on a false.

Fixes permission failure issues.  With PagePermissions and Disabled Actions when user did not have permission WIKIAUTH_FORBIDDEN was returned.  In WikiUser this was ok because WIKIAUTH_FORBIDDEN had a value of 11 -- thus no user could perform that action.  But WikiUserNew has a WIKIAUTH_FORBIDDEN value of -1 -- thus a user without sufficent permission to do anything.  The solution is a new high value permission level (WIKIAUTH_UNOBTAINABLE) to be the default level for access failure.

authenti(fi)cation spelling

First PagePerm implementation:

$Theme->setAnonEditUnknownLinks(false);

Layout improvement with dangling links for mostly closed wiki's:
If false, only users with edit permissions will be presented the
special wikiunknown class with "?" and Tooltip.
If true (default), any user will see the ?, but will be presented
the PrintLoginForm on a click.

fixed minor warnings: unchecked args, POST => Get urls for sortby e.g.

more PagePerm stuff: (working against 1.4.0)
  ACL editing and simplification of ACL's to simple rwx------ string
  not yet working.

Rename functional for PearDB backend
some other minor changes
SiteMap comes with a not yet functional feature request: includepages (tbd)

for now default DB_SESSION to false
PagePerm:
  * not existing perms will now query the parent, and not
    return the default perm
  * added pagePermissions func which returns the object per page
  * added getAccessDescription
WikiUserNew:
  * added global ->prepare (not yet used) with smart user/pref/member table prefixing.
  * force init of authdbh in the 2 db classes
main:
  * fixed session handling (not triple auth request anymore)
  * don't store cookie prefs with sessions
stdlib: global obj2hash helper from _AuthInfo, also needed for PagePerm

This should be the functionality. Needs testing and some minor todos.

initial version, not yet hooked into lib/main.php