PmWiki 2.3.23
7 May 2023
PmWiki version 2.3.23 is now available.
Upgrading to PmWiki 2.3.23
PmWiki 2.3.23 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply PmWiki updates as new versions are released, or use Installatron's Clone feature to duplicate an existing PmWiki install to test the 2.3.23 upgrade prior to applying it live. Get started managing your PmWiki installations with Installatron
What's New in PmWiki 2.3.23
2.3.23
Bug Fixes and Changes
- This version implements session tokens to prevent potential cross-site request forgery vulnerabilities, suggested by Dominique Faure. Most core actions that modify pages or files should have this enabled and should work like before.
- This new feature can be disabled by setting these variables in config.php: $EnablePmToken = 0; # edit, upload, attributes, approveurls; $PmFormEnablePmToken = 0; # PmForm
- Some installations might encounter the error message "Token invalid or missing". These can include custom edit forms, automated scripts posting to the wiki, AJAX posting text or uploads used by some recipes, or partial upgrades where some core scripts haven't been updated. Most of these should be easy to update -- please report such cases to us -- otherwise you may selectively disable the feature.
- A form element (:input pmtoken:) was added, and the helper function pmtoken() was documented to make it easy for custom forms and recipes to use this new feature.
- The version also includes a minor code refactoring, a bug fix, and the documentation was updated.
2.3.22
Bug Fixes and Changes
- This version adds to the core the Cookbook:PmForm recipe (script and templates), not enabled by default. This is in order to reduce my workload, and future updates to PmForm will be made only in the core version.
- If you already use PmForm, you can enable the core script, by modifying your include_once() call from "cookbook/pmform.php" to "scripts/pmform.php". Your existing templates and configuration should continue to work.
- A bug was fixed with PageLists with multiple category=+A,+B categories. Input forms and buttons can now be configured to ask for confirmation before they are submitted. A few updates for recent PHP versions, and other minor improvements, and the documentation was updated.