summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorhttp://www.cse.unsw.edu.au/~willu/ <http://www.cse.unsw.edu.au/~willu/@web>2008-07-24 21:46:23 -0400
committerJoey Hess <joey@kitenet.net>2008-07-24 21:46:23 -0400
commit7a070c64fab372cb829261a989eb28fdd30d306e (patch)
tree4bde30ed192ff8cba1e00bb1bb7326f4c72c27a0
parent058e7e451c3291b201d95f95101dabb1b4d2a5f0 (diff)
Add notes about possible security issues with rename - these look to be already covered in the source, but I wanted to make sure they're listed in the docs too.
-rw-r--r--doc/todo/Moving_Pages.mdwn6
1 files changed, 6 insertions, 0 deletions
diff --git a/doc/todo/Moving_Pages.mdwn b/doc/todo/Moving_Pages.mdwn
index 61f2663e0..cf1ce89c6 100644
--- a/doc/todo/Moving_Pages.mdwn
+++ b/doc/todo/Moving_Pages.mdwn
@@ -205,3 +205,9 @@ Cases to consider:
Update: Meh. It's certianly not ideal; if Bob tries to save the page he
uploaded the attachment to, he'll get a message about it having been
deleted/renamed, and he can try to figure out what to do... :-/
+* I don't know if this is a conflict, but it is an important case to consider;
+ you need to make sure that there are no security holes. You dont want
+ someone to be able to rename something to <code>/etc/passwd</code>.
+ I think it would be enough that you cannot rename to a location outside
+ of srcdir, you cannot rename to a location that you wouldn't be able
+ to edit because it is locked, and you cannot rename to an existing page.