| commit | 6fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee | |
| author | Andreas Gohr <andi@splitbrain.org> | |
| Mon, 16 Nov 2009 22:05:23 +0000 (16 23:05 +0100) | ||
| committer | Andreas Gohr <andi@splitbrain.org> | |
| Mon, 16 Nov 2009 22:05:23 +0000 (16 23:05 +0100) | ||
| tree | 65df25aeec37076c80bfece7ae7d571f988af26e | treesnapshot (tar.gz zip) |
| parent | 48c8c96f687ddf5eea6750db55be522391ba4e63 | commitdiff |
Security Fix: do not allow skipacl in XMLRPC
Ignore-this: 517a7546aab86c5370cccf1aa2171490
Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.
XMLRPC is disabled by default.
darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
Ignore-this: 517a7546aab86c5370cccf1aa2171490
Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.
XMLRPC is disabled by default.
darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
| lib/exe/xmlrpc.php | diffblobblamehistory |