summaryrefslogtreecommitdiff
path: root/doc/security.mdwn
AgeCommit message (Collapse)Author
2011-03-28CVE assignedJoey Hess
2011-03-28use real nameGiuseppe Bilotta
2011-03-28severity analysis updateJoey Hess
2011-03-28releasing version 3.20110328Joey Hess
2011-03-28meta: Security fix; don't allow alternative stylesheets to be added on pages ↵Joey Hess
where the htmlscrubber is enabled.
2011-03-09Fix typo: s/insertation/insertion/gJosh Triplett
2011-01-22backportJoey Hess
2011-01-22releasing version 3.20110122Joey Hess
2011-01-22document XSSJoey Hess
2010-11-12CVE idJoey Hess
2010-11-12releasing version 3.20101112Joey Hess
2010-11-12security issueJoey Hess
2010-04-23update re template changeJoey Hess
2010-04-02Despam, again. Someone ban adrianna please?Simon McVittie
2010-04-02(no commit message)adrianna
2010-03-12htmlscrubber: Security fix: In data:image/* uris, only allow a few ↵Joey Hess
whitelisted image types. No svg.
2009-08-30CVEJoey Hess
2009-08-30still mispelling josh's name..Joey Hess
2009-08-30teximg security problemJoey Hess
2008-12-31Fix version.JoshTriplett
2008-11-12note fix versionsJoey Hess
2008-11-12check for invalid utf-8, and toss it back to avoid crashesJoey Hess
Since ikiwiki uses open :utf8, perl assumes that files contain valid utf-8. If it turns out to be malformed it may later crash while processing strings read from them, with 'Malformed UTF-8 character (fatal)'. As at least a quick fix, use utf8::valid as soon as data is read, and if it's not valid, call encode_utf8 on the string, thus clearing the utf-8 flag. This may cause follow-on encoding problems, but will avoid this crash, and the input file was broken anyway, so GIGO is a reasonable response. (I looked at calling decode_utf8 after, but it seemed to cause more trouble than it was worth. BTW, use open ':encoding(utf8)' avaoids this problem, but the corrupted data later causes Storable to crash when writing the index.) This is a quick fix, clearly imperfect: - It might be better to explicitly call decode_utf8 when reading files, rather than using the IO layer. - Data read other than by readfile() can still sneak in bad utf-8. While ikiwiki does very little file input not using it, stdin for the CGI would be one way.
2008-07-26remove ikiwiki.setupJoey Hess
To generate your own, use ikiwiki -dumpsetup ikiwiki.setup Update docs.
2008-07-21Migrate everything else via prefix_directivesSimon McVittie
This is a partial commit of: egrep -rl '\[\[[a-z]+ ' doc | xargs --max-args 1 ./ikiwiki-transition prefix_directives
2008-07-02updateJoey Hess
2008-05-31cve idJoey Hess
2008-05-30fix linkJoey Hess
2008-05-30more on the security holeJoey Hess
2008-05-29documentation for use of hashed passwordsJoey Hess
Everything but the actual coding to support them.
2008-04-20add CVE linkJoey Hess
2008-04-10releasing version 2.42Joey Hess
2008-04-10Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess
The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
2008-04-10fix what I think is a typoJoey Hess
2008-02-20add CVE idsJoey Hess
2008-02-10some updates about the recent holeJoey Hess
2008-02-10a few thoughts on data: securityJoey Hess
2008-02-10document security fixJoey Hess
The backported fix for stable is tagged and waiting for the security team to upload.
2007-12-22typoJoey Hess
2007-11-27moreJoey Hess
2007-11-27remove svn-ismsJoey Hess
2007-11-27add some documentation about how to safely allow multiple committers to anJoey Hess
ikiwiki git repository
2007-11-26releasing version 2.14Joey Hess
2007-03-21* Fix a security hole that allowed insertion of unsafe content via the metajoey
plugins's support for inserting html link and meta tags. Now such content is passed through the htmlscrubber like everything else. * Unfortunatly, that means that some valid uses of those tags are no longer usable, and special case methods needed to be added for including stylesheets, and for doing openid delegation. If you use either of these in your wiki, it will need to be modified. See the meta plugin docs for details.
2007-03-21* Fix a few bugs around page titles containing html. The worst of thesejoey
is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.
2007-02-14document recent security holejoey
2006-12-27web commit by JeremyReed: typo fixjoey
2006-11-21web commit by http://id.kurokatta.org/david: Copyedit.joey
2006-10-22some notes about the security (or lack thereof) of pluginsjoey
2006-08-28* Add toc (table of contents) plugin.joey
2006-08-28updatejoey