diff options
Diffstat (limited to 'doc/patchqueue/enable-htaccess-files.mdwn')
-rw-r--r-- | doc/patchqueue/enable-htaccess-files.mdwn | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/doc/patchqueue/enable-htaccess-files.mdwn b/doc/patchqueue/enable-htaccess-files.mdwn deleted file mode 100644 index ed968b195..000000000 --- a/doc/patchqueue/enable-htaccess-files.mdwn +++ /dev/null @@ -1,28 +0,0 @@ - Index: IkiWiki.pm - =================================================================== - --- IkiWiki.pm (revision 2981) - +++ IkiWiki.pm (working copy) - @@ -26,7 +26,7 @@ - memoize("file_pruned"); - - sub defaultconfig () { #{{{ - - wiki_file_prune_regexps => [qr/\.\./, qr/^\./, qr/\/\./, - + wiki_file_prune_regexps => [qr/\.\./, qr/^\.(?!htaccess)/, qr/\/\.(?!htaccess)/, - qr/\.x?html?$/, qr/\.ikiwiki-new$/, - qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//], - wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/, - - -This lets the site administrator have a `.htaccess` file in their underlay -directory, say, then get it copied over when the wiki is built. Without -this, installations that are located at the root of a domain don't get the -benefit of `.htaccess` such as improved directory listings, IP blocking, -URL rewriting, authorisation, etc. - -> I'm concerned about security ramifications of this patch. While ikiwiki -> won't allow editing such a .htaccess file in the web interface, it would -> be possible for a user who has svn commit access to the wiki to use it to -> add a .htaccess file that does $EVIL. -> -> Perhaps this should be something that is configurable via the setup file -> instead. --[[Joey]] |