note that the patch on this page is complely broken, and allows any file starting with a dot to be included

If you applied that patch to your site, you should remove it right away!

1 files changed, 7 insertions, 0 deletions

diff --git a/doc/todo/enable-htaccess-files.mdwn b/doc/todo/enable-htaccess-files.mdwn
index c895db75d..c08502bdd 100644
--- a/doc/todo/enable-htaccess-files.mdwn
+++ b/doc/todo/enable-htaccess-files.mdwn
@@ -12,6 +12,13 @@
                     qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//],
            wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/,
 
+> Note that the above patch is **completely broken**. 
+> It removes the crucial excludes of all files starting with a dot.
+> The negative regexps for htaccess have no effect, so the whole
+> thing only "works" because it allows *any* file starting with a dot.
+> If you applied this patch to your ikiwiki, you opened a huge security
+> hole. --[[Joey]] 
+
 [[!tag patch patch/core]]
 
 This lets the site administrator have a `.htaccess` file in their underlay