diff options
| author | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-15 05:56:48 +0000 |
|---|---|---|
| committer | www-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-03-15 05:56:48 +0000 |
| commit | 4c232a06de016dfb3eb9087f6c584e4cfc724dd4 (patch) | |
| tree | 6118c72a1e45f9348c71c3aea942c3389174c1eb | |
| parent | ca0a240f31274d1544bebf1c272d26a7524be787 (diff) | |
web commit by joey
| -rw-r--r-- | doc/security.mdwn | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 278bad024..252239331 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -69,6 +69,12 @@ Setup files are not safe to keep in subversion with the rest of the wiki. Just don't do it. [[ikiwiki.setup]] is *not* used as the setup file for this wiki, BTW. +## svn commit logs + +Currently html is not escape in svn commit logs, this should probably be fixed. + +Anyone with svn commit access can forge "web commit from foo" and make it appeat on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user. + ---- # Hopefully non-holes |