diff options
Diffstat (limited to 'doc/todo/enable-htaccess-files.mdwn')
-rw-r--r-- | doc/todo/enable-htaccess-files.mdwn | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/doc/todo/enable-htaccess-files.mdwn b/doc/todo/enable-htaccess-files.mdwn new file mode 100644 index 000000000..accd96bd7 --- /dev/null +++ b/doc/todo/enable-htaccess-files.mdwn @@ -0,0 +1,29 @@ + Index: IkiWiki.pm + =================================================================== + --- IkiWiki.pm (revision 2981) + +++ IkiWiki.pm (working copy) + @@ -26,7 +26,7 @@ + memoize("file_pruned"); + + sub defaultconfig () { #{{{ + - wiki_file_prune_regexps => [qr/\.\./, qr/^\./, qr/\/\./, + + wiki_file_prune_regexps => [qr/\.\./, qr/^\.(?!htaccess)/, qr/\/\.(?!htaccess)/, + qr/\.x?html?$/, qr/\.ikiwiki-new$/, + qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//], + wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/, + +[[tag patch]] + +This lets the site administrator have a `.htaccess` file in their underlay +directory, say, then get it copied over when the wiki is built. Without +this, installations that are located at the root of a domain don't get the +benefit of `.htaccess` such as improved directory listings, IP blocking, +URL rewriting, authorisation, etc. + +> I'm concerned about security ramifications of this patch. While ikiwiki +> won't allow editing such a .htaccess file in the web interface, it would +> be possible for a user who has svn commit access to the wiki to use it to +> add a .htaccess file that does $EVIL. +> +> Perhaps this should be something that is configurable via the setup file +> instead. --[[Joey]] |