[pmwiki-users] PmWiki 2.3.15 released

Petko Yotov 5ko at 5ko.fr
Mon Nov 21 03:00:27 PST 2022


Hello. PmWiki version 2.3.15 was published today, and is available at:

   https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.15.tgz
   https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.15.zip
     svn://www.pmwiki.org/pmwiki/tags/latest

Releasing a new version ahead of schedule because of a vulnerability
discovered today.

Security: Closed a potential XSS vulnerability discovered today. Your
wiki may be at risk if untrusted people can edit your pages.

HTTP headers: CSP updated, XSSP added. Both can be disabled or modified
by changing the $HTTPHeaders array.

Cookies: Added a new variable $CookieSameSite, defaulting to 'Lax' per
current browser defaults and expectations. Updated pmsetcookie(): added
an argument $samesite, and refactored it to work with old and current
PHP versions. Added function pm_session_start() as a replacement for
session_start() that respects local preferences ($CookieSameSite,
$EnableCookieSecure, $EnableCookieHTTPOnly).

PmSyntax: A new CSS variable --pmsyntax-fontsize-editform allows
setting the font size of the edit form separately from highlighted
elements in the documentation. Fixed an issue where the [[Highlight]]
label could change fonts when toggled.

Responsive skin: The font size for "pre" and "code" elements is now
scalable/relative to the paragraph font size rather than fixed. This
works better in headings or small text blocks.

GUI edit buttons: Parts of these functions were rewritten to avoid
'unsafe inline' JavaScript. While most default and custom buttons
should work without change, you should no longer need to url-encode
some characters like % or add backslashes. If you have such buttons,
you may need to update their declarations to strip the extra
backslashes.

WikiStyles: Refactored to move all inline WikiStyles to the
$HTMLStylesFmt array in the header of the HTML page.

Tables and block markup: Replaced inline style="..." attributes with
class names.

The function PrintFmt() was refactored to process skin parts, skin
functions, markup, and wiki pages, before sending the HTTP and HTML
headers. This allows for wikistyles and recipes in sidebars and footers
to add their configurations to the headers.

If you have questions or difficulties upgrading, or notice bugs, please 
contact us.

Thanks,
Petko
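
The cookie item above describes pmsetcookie() gaining a $samesite argument that works on both old and current PHP. The sketch below is an added example, not PmWiki's own code and not part of the original message; it shows one common way to emit SameSite across PHP versions, and the example_* function names and sample cookie values are hypothetical.

```php
<?php
// Added example, not PmWiki source. All example_* names are hypothetical.

/** Normalise a SameSite value; returns '' when the attribute should be omitted. */
function example_samesite($value, $secure) {
    $v = ucfirst(strtolower(trim((string)$value)));
    if (!in_array($v, ['Lax', 'Strict', 'None'], true)) return '';
    // Browsers reject SameSite=None cookies that lack the Secure flag,
    // so fall back to Lax rather than emit a cookie that gets dropped.
    if ($v === 'None' && !$secure) return 'Lax';
    return $v;
}

/** Build the argument list for setcookie() for a given PHP version. */
function example_cookie_args($name, $value, $expires, $path, $domain,
                             $secure, $httponly, $samesite,
                             $phpVersionId = PHP_VERSION_ID) {
    $ss = example_samesite($samesite, $secure);
    if ($phpVersionId >= 70300) {
        // PHP 7.3+ accepts an options array with a 'samesite' key.
        $opt = ['expires' => (int)$expires, 'path' => $path, 'domain' => $domain,
                'secure' => (bool)$secure, 'httponly' => (bool)$httponly];
        if ($ss !== '') $opt['samesite'] = $ss;
        return [$name, $value, $opt];
    }
    // Older PHP has no SameSite parameter; the widely used workaround appends
    // the attribute to the path, which PHP < 7.3 copies into the header as-is.
    if ($ss !== '') $path .= '; SameSite=' . $ss;
    return [$name, $value, (int)$expires, $path, $domain,
            (bool)$secure, (bool)$httponly];
}

/** Send the cookie using whichever call form the running PHP supports. */
function example_setcookie($name, $value, $expires = 0, $path = '/', $domain = '',
                           $secure = false, $httponly = true, $samesite = 'Lax') {
    $args = example_cookie_args($name, $value, $expires, $path, $domain,
                                $secure, $httponly, $samesite);
    return call_user_func_array('setcookie', $args);
}

// Constructed sample values: show both code paths without sending headers.
foreach ([70200, 80100] as $ver) {
    $args = example_cookie_args('example_sid', 'abc123', 0, '/wiki/', '',
                                true, true, 'None', $ver);
    echo $ver, ' => ', json_encode($args), "\n";
}
```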
