summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoey Hess <joey@gnu.kitenet.net>2010-03-14 15:08:41 -0400
committerJoey Hess <joey@gnu.kitenet.net>2010-03-14 15:08:41 -0400
commita5ee40104481ba06eaaf277ed2f6c363dd326608 (patch)
treed5c309c80a86f2d28795b52a8848308781704989
parent823ec815d4fc9625d6fa3553ad03e9f2ff737659 (diff)
note that the patch on this page is complely broken, and allows any file starting with a dot to be included
If you applied that patch to your site, you should remove it right away!
-rw-r--r--doc/todo/enable-htaccess-files.mdwn7
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/todo/enable-htaccess-files.mdwn b/doc/todo/enable-htaccess-files.mdwn
index c895db75d..c08502bdd 100644
--- a/doc/todo/enable-htaccess-files.mdwn
+++ b/doc/todo/enable-htaccess-files.mdwn
@@ -12,6 +12,13 @@
qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//],
wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/,
+> Note that the above patch is **completely broken**.
+> It removes the crucial excludes of all files starting with a dot.
+> The negative regexps for htaccess have no effect, so the whole
+> thing only "works" because it allows *any* file starting with a dot.
+> If you applied this patch to your ikiwiki, you opened a huge security
+> hole. --[[Joey]]
+
[[!tag patch patch/core]]
This lets the site administrator have a `.htaccess` file in their underlay