summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-15 05:56:48 +0000
committerwww-data <www-data@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2006-03-15 05:56:48 +0000
commit4c232a06de016dfb3eb9087f6c584e4cfc724dd4 (patch)
tree6118c72a1e45f9348c71c3aea942c3389174c1eb
parentca0a240f31274d1544bebf1c272d26a7524be787 (diff)
web commit by joey
-rw-r--r--doc/security.mdwn6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 278bad024..252239331 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -69,6 +69,12 @@ Setup files are not safe to keep in subversion with the rest of the wiki.
Just don't do it. [[ikiwiki.setup]] is *not* used as the setup file for
this wiki, BTW.
+## svn commit logs
+
+Currently html is not escape in svn commit logs, this should probably be fixed.
+
+Anyone with svn commit access can forge "web commit from foo" and make it appeat on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user.
+
----
# Hopefully non-holes