summaryrefslogtreecommitdiff
path: root/doc/bugs/comments_preview_unsafe_with_allowdirectives.mdwn
blob: 7f9fb67e9a2819dfbd69c68aa17b37aafea0ec1c (plain)

If comments_allowdirectives is set, previewing a comment can run directives that create files. (Eg, img.) Unlike editpage, it does not keep track of those files and expire them. So the files will linger in destdir forever.

Probably when the user then tries to save the comment, ikiwiki will refuse to overwrite the unknown file, and will crash. --[[Joey]]