Back to the main page.

Bug 2223 - update the dokuwiki CMS on the fieldtrip website

Reported 2013-07-30 13:26:00 +0200
Modified 2019-08-10 12:41:54 +0200
Product: FieldTrip
Component: documentation
Version: unspecified
Hardware: PC
Operating System: Mac OS
Importance: P3 normal
Assigned to: Robert Oostenveld
Depends on:
See also:

Robert Oostenveld - 2013-07-30 13:26:43 +0200

there seem to be some vulnerabilities in the current version, which are presently blocked by write-protecting all php files. Better would be to update the dokuwiki CMS software.

Robert Oostenveld - 2013-07-30 13:33:35 +0200

I noticed on that there are some "recommended" plugins, such as This might replace the note plugin that we now have. Also the video plugin is relevant for

Robert Oostenveld - 2013-08-07 18:01:09 +0200

I have copied the old wiki to a new instance at I removed all data (i.e. pages) I downloaded the latest dokuwiki release and copied all files over the existing directory (per instruction) I downloaded the latest tag plugin (which mentions an XSS vulnerability, removed the old and installed the new one. The following plugins still need to be updated. 361 $ cd /var/www/ 362 $ find . -maxdepth 1 -mtime +24 -type d ./popularity ./dw2pdf ./sortablejs ./cloud ./include ./searchindex ./safefnrecode ./pagelist ./userpoll ./vshare ./captcha ./disqus ./edittweet ./rater ./svgpureInsert ./twitter ./inlinebib ./googlemaps ./logstats ./goto ./siteexport ./note ./orphanswanted ./offline ./googleanalytics ./statdisplay Old files that are not needed any more still need to be removed.

Robert Oostenveld - 2013-08-07 22:20:23 +0200

(In reply to comment #2) I updated the captcha plugin and disabled all plugins that still have to be checked for updates. That makes them easier to find. Plugin cloud disabled. Plugin disqus disabled. Plugin dw2pdf disabled. Plugin edittweet disabled. Plugin googleanalytics disabled. Plugin googlemaps disabled. Plugin goto disabled. Plugin include disabled. Plugin inlinebib disabled. Plugin logstats disabled. Plugin note disabled. Plugin offline disabled. Plugin orphanswanted disabled. Plugin pagelist disabled. Plugin popularity disabled. Plugin rater disabled. Plugin safefnrecode disabled. Plugin searchindex disabled. Plugin siteexport disabled. Plugin sortablejs disabled. Plugin statdisplay disabled. Plugin svgpureInsert disabled. Plugin twitter disabled. Plugin userpoll disabled. Plugin vshare disabled.

Robert Oostenveld - 2013-08-07 22:51:48 +0200

updated and enabled cloud plugin updated and enabled disqus plugin updated and enabled googleanalytics plugin, updated config settings with ID updated and enabled include plugin updated and enabled note plugin updated and enabled searchindex plugin updated and enabled orphanswanted plugin updated and enabled pagelist plugin updated and enabled userpoll plugin updated and enabled vshare plugin the goto plugin home page cannot be found, so an update is not available

Robert Oostenveld - 2013-08-07 22:59:53 +0200

(In reply to comment #4) ok, a few more... updated and enabled sortablejs plugin updated and enabled logstats plugin seems to be outdated, might be an alternative.

Robert Oostenveld - 2013-08-07 23:02:08 +0200

(In reply to comment #5) The following still need to be checked for updates and/or considered to be removed. cd /var/www/ find . -maxdepth 1 -mtime +24 -type d ./popularity ./dw2pdf ./safefnrecode ./edittweet ./rater ./svgpureInsert ./twitter ./inlinebib ./googlemaps ./goto ./siteexport ./offline ./statdisplay

Robert Oostenveld - 2013-08-07 23:40:54 +0200

What ever happened to the cron jobs that we had running on the web server? E.g. the rss feed from the mailing list is not being updated any more (since 20 June). ... going through my email, I found this On 20 Jun 2013, at 10:51, Rene de Bruin wrote: de website staat op de andere server. Ik heb de domain verwijzingen aangepast. Verder heb je als het goed is ssh toegang om je scripts aan te passen. De oude site draait nog op de andere server standby tot vanmiddag mocht er iets niet goed zijn. Robert heeft trouwens nog 2 scripts draaien misschien moet je daar ook naar kijken. 11 21 * * 5 $HOME/bin/ # update rss feed for maillist archive of fieldtrip discussion list 40 * * * * $HOME/bin/mailman-archive-to-rss >/dev/null 2>/dev/null these need to be reinstalled!

Robert Oostenveld - 2013-08-07 23:41:40 +0200

Comparing "new/fieldtest" with "old/fieldtrip" there are some issues. But what I also notice is that we have inconsistent ways of hiding the elements in the navigation panel, i.e. the panel consisting of - menu - current page toc - share - latest twitter activity I know that some of these are custom built by Eelke and part of the theme. Let's discuss whether we can make them consistent. Let's also discuss whether the custom plugins can be shared back to dokuwiki. I would not mind creating a repo at

Robert Oostenveld - 2014-10-30 13:02:16 +0100

*** Bug 2693 has been marked as a duplicate of this bug. ***

Robert Oostenveld - 2014-10-30 13:04:02 +0100

it is desired to enable I just enabled it in the settings, but the expected button does not show up. I guess this needs to be dealt with with the update to the latest version.

Robert Oostenveld - 2014-10-30 13:04:41 +0100

note to self: with the next clean install of the dokuwiki CMS, I should start from scratch getting all php code into git or svn.

Robert Oostenveld - 2017-02-23 09:09:38 +0100

I have installed a new version on So far it not in git yet, but it is still a very clean install.

Robert Oostenveld - 2017-02-23 09:14:48 +0100

(In reply to Robert Oostenveld from comment #11) I made a local git repository on the web server and checked in all dokuwiki stuff, excluding the data (pages, media, cache).

Robert Oostenveld - 2017-02-23 12:14:20 +0100

On 23 Feb 2017, at 12:09, Eelke Spaak wrote: The only thing that is not working which I found so far are the links to "further reading" (FAQs and Example Scripts) that should be displayed at the end of the tutorials.

Robert Oostenveld - 2017-04-20 12:30:49 +0200

The wiki is live for some time now. There are no big complaints. I had it scanned by Beyond Security Support, which did not (any more) reveal any major security concerns. I updated (some time already) to 2017-02-19b "Frusterick Manners". Today I copied the user names (and password hashes) over from the old wiki to this new one. For the moment I am not planning to work on this further, so I'll close this bug. It can still be found in bugzilla in case this needs attention in the future.

Robert Oostenveld - 2019-08-10 12:35:40 +0200

This closes a whole series of bugs that have been resolved (either FIXED/WONTFIX/INVALID) for quite some time. If you disagree, please file a new issue on

Robert Oostenveld - 2019-08-10 12:41:54 +0200

This closes a whole series of bugs that have been resolved (either FIXED/WONTFIX/INVALID) for quite some time. If you disagree, please file a new issue on