transient merged; bookkeeping

author: Joey Hess <joey@kitenet.net> 2011-02-09 14:18:48 -0400
committer: Joey Hess <joey@kitenet.net> 2011-02-09 14:18:48 -0400
commit: 1879fe63be1073fa0d55764e7d78af53afa4b265 (patch)
tree: d52a6b67936f2b216bec470dfed51c17feaf062d /doc/bugs
parent: 9d548239a92cb01429334b68c3967bc4dbcf0c50 (diff)
1 files changed, 17 insertions, 0 deletions
diff --git a/doc/bugs/removal_of_transient_pages.mdwn b/doc/bugs/removal_of_transient_pages.mdwn
new file mode 100644
index 000000000..ef7607c3a
--- /dev/null
+++ b/doc/bugs/removal_of_transient_pages.mdwn
@@ -0,0 +1,17 @@
+The remove plugin cannot remove [[todo/transient_pages]].
+
+> this turns out to be harder than
+> I'd hoped, because I don't want to introduce a vulnerability in the
+> non-regular-file detection, so I'd rather defer that. --[[smcv]]
+
+This is particularly a problem for tag pages, and autoindex
+created pages. So both plugins default to not creating transient
+pages, until this is fixed.  --[[Joey]] 
+
+> I'll try to work out which of the checks are required for security
+> and which are just nice-to-have, but I'd appreciate any pointers
+> you could give. --[[smcv]]
+
+>> I assume by "non-regular file", you are referring to the check
+>> in remove that the file "Must exist on disk, and be a regular file" ?
+>> --[[Joey]]
author	Joey Hess <joey@kitenet.net>	2011-02-09 14:18:48 -0400
committer	Joey Hess <joey@kitenet.net>	2011-02-09 14:18:48 -0400
commit	1879fe63be1073fa0d55764e7d78af53afa4b265 (patch)
tree	d52a6b67936f2b216bec470dfed51c17feaf062d /doc/bugs
parent	9d548239a92cb01429334b68c3967bc4dbcf0c50 (diff)