summaryrefslogtreecommitdiff
path: root/doc/bugs
diff options
context:
space:
mode:
authorJoey Hess <joey@kitenet.net>2011-02-09 14:18:48 -0400
committerJoey Hess <joey@kitenet.net>2011-02-09 14:18:48 -0400
commit1879fe63be1073fa0d55764e7d78af53afa4b265 (patch)
treed52a6b67936f2b216bec470dfed51c17feaf062d /doc/bugs
parent9d548239a92cb01429334b68c3967bc4dbcf0c50 (diff)
transient merged; bookkeeping
Diffstat (limited to 'doc/bugs')
-rw-r--r--doc/bugs/removal_of_transient_pages.mdwn17
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/removal_of_transient_pages.mdwn b/doc/bugs/removal_of_transient_pages.mdwn
new file mode 100644
index 000000000..ef7607c3a
--- /dev/null
+++ b/doc/bugs/removal_of_transient_pages.mdwn
@@ -0,0 +1,17 @@
+The remove plugin cannot remove [[todo/transient_pages]].
+
+> this turns out to be harder than
+> I'd hoped, because I don't want to introduce a vulnerability in the
+> non-regular-file detection, so I'd rather defer that. --[[smcv]]
+
+This is particularly a problem for tag pages, and autoindex
+created pages. So both plugins default to not creating transient
+pages, until this is fixed. --[[Joey]]
+
+> I'll try to work out which of the checks are required for security
+> and which are just nice-to-have, but I'd appreciate any pointers
+> you could give. --[[smcv]]
+
+>> I assume by "non-regular file", you are referring to the check
+>> in remove that the file "Must exist on disk, and be a regular file" ?
+>> --[[Joey]]