OK. Thank you for your analysis. I will try it. Many thanks.
Needs Triage (3)
Feb 26 2020
Thanks - DokuWiki thinks the request is a CSRF attack. The reason is that some requests are performed to your uppercase URL and some to your lowercase URL. I suppose that IIS invokes separate PHP instances for the different URLs and thus the security tokens do not match.
Then we need to go the more complicated route and I have to ask for more details:
Unfortunately, that's not possible. We are using DokuWiki in our Intranet. Access from outside isn't possible.
OK, then my theory is probably wrong :(
Sorry, I've forgotten to write that we are using IIS. You are right, DokuWiki and dokuwiki are separate folders – on UNIX systems. But using IIS on Windows Server, both names refer to the same directory. Therefore, we are able to use both styles. It works with all pages except pages using davcal.
Short answer: dokuwiki and DokuWiki are - usually - two separate folders and you should *never* mix them.
Feb 12 2020
Thanks for the patch, I'll review and apply it as soon as possible (there is another patch pending that arrived via E-Mail that needs some work as well).
Feb 10 2020
Jan 24 2020
Oct 12 2019
If you want to give it a try, I'd be happy to give you some guidance. If not, it's going to take a while, I'm afraid.
Oct 11 2019
Yes, this is exactly what I meant.
Could you be a bit more specific with what you mean? What exactly should the setting prevent/disable/disallow?