releasing version 1.13

author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-02 01:31:39 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-08-02 01:31:39 +0000
commit: 2c0b310cc208b08fded4fe7e80cc3efbc4112c56 (patch)
tree: f13aacfb32a7676392f80eb1659e8e0662507e54 /doc
parent: 9db405f76a87c245b44e5be66a1dd879a246367f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 4db756e2e..b3b5b6f3e 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -91,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_
 Someone could add bad content to the wiki and hope to exploit ikiwiki.
 Note that ikiwiki runs with perl taint checks on, so this is unlikely.
 
+One fun thing in ikiwiki is its handling of a PageSpec, which involves
+translating it into perl and running the perl. Of course, this is done
+*very* carefully to guard against injecting arbitrary perl code.
+
 ## publishing cgi scripts
 
 ikiwiki does not allow cgi scripts to be published as part of the wiki. Or
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-02 01:31:39 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-08-02 01:31:39 +0000
commit	2c0b310cc208b08fded4fe7e80cc3efbc4112c56 (patch)
tree	f13aacfb32a7676392f80eb1659e8e0662507e54 /doc
parent	9db405f76a87c245b44e5be66a1dd879a246367f (diff)