summaryrefslogtreecommitdiff
path: root/doc/recentchanges/change_0ea5f43790fe2ce3cc40e9513191e72c67a1ee51._change
blob: 99f032a4c593c0a4f0484621b02492e960e53b81 (plain) 
    

  1. [[!meta author="""joey"""]]
    2. 

  2. 

  3. [[!meta authorurl="""http://ikiwiki.info/ikiwiki.cgi?page=users%2Fjoey&do=goto"""]]
    4. 

  4. 

  5. [[!meta title="""change to security on ikiwiki"""]]
    6. 

  6. 

  7. [[!meta permalink="http://ikiwiki.info/recentchanges/#change-0ea5f43790fe2ce3cc40e9513191e72c67a1ee51"]]
    8. 

  8. 

  9. <div id="change-0ea5f43790fe2ce3cc40e9513191e72c67a1ee51" class="metadata">
    10. 

  10. <span class="desc"><br />Changed pages:</span>
    11. 

  11. <span class="pagelinks">
    12. 

  12. 

  13. <a href="http://git.ikiwiki.info/?p=ikiwiki;a=blobdiff;f=doc/security.mdwn;h=33b199247dbf541362097124a984ceba6d93658e;hp=34a0052397fa857552051fc7e06cef84a1ccab01;hb=0ea5f43790fe2ce3cc40e9513191e72c67a1ee51;hpb=d5056fb61e8332fea658363e931ec28a35681ffe" title="diff" rel="nofollow">[[diff|wikiicons/diff.png]]</a><a href="http://ikiwiki.info/ikiwiki.cgi?page=security&amp;do=goto" rel="nofollow">security</a>
    14. 

  14. 

  15. 

  16. </span>
    17. 

  17. <span class="desc"><br />Changed by:</span>
    18. 

  18. <span class="committer">
    19. 

  19. 

  20. <a href="http://ikiwiki.info/ikiwiki.cgi?page=users%2Fjoey&amp;do=goto" rel="nofollow">joey</a>
    21. 

  21. 

  22. </span>
    23. 

  23. <span class="desc"><br />Commit type:</span>
    24. 

  24. <span class="committype">git</span>
    25. 

  25. <span class="desc"><br />Date:</span>
    26. 

  26. <span class="changedate"><span class="relativedate" title="Fri, 12 Nov 2010 00:24:52 -0400">00:24:52 11/12/10</span></span>
    27. 

  27. <span class="desc"><br /></span>
    28. 

  28. </div>
    29. 

  29. 

  30. <span class="revert">
    31. 

  31. <a href="http://ikiwiki.info/ikiwiki.cgi?rev=0ea5f43790fe2ce3cc40e9513191e72c67a1ee51&amp;do=revert" title="revert" rel="nofollow">[[revert|wikiicons/revert.png]]</a>
    32. 

  32. </span>
    33. 

  33. 

  34. <div class="changelog">
    35. 

  35. 

  36. 

  37. security issue<br />
    38. 

  38. 

  39. 

  40. </div>
    41. 

  41. 

  42. <div class="diff">
    43. 

  43. <pre>
    44. 

  44. diff --git a/doc/security.mdwn b/doc/security.mdwn
    45. 

  45. index 34a0052..33b1992 100644
    46. 

  46. --- a/doc/security.mdwn
    47. 

  47. +++ b/doc/security.mdwn
    48. 

  48. @@ -440,3 +440,16 @@ with the release of ikiwiki 3.20100312.
    49. 

  49.  A fix was also backported to Debian etch, as version 2.53.5. I recommend
    50. 

  50.  upgrading to one of these versions if your wiki can be edited by third
    51. 

  51.  parties.
    52. 

  52. +
    53. 

  53. +## javascript insertation via insufficient htmlscrubbing of comments
    54. 

  54. +
    55. 

  55. +Kevin Riggle noticed that it was not possible to configure
    56. 

  56. +`htmlscrubber_skip` to scrub comments while leaving unscubbed the text
    57. 

  57. +of eg, blog posts. Confusingly, setting it to &quot;* and !comment(*)&quot; did not
    58. 

  58. +scrub comments.
    59. 

  59. +
    60. 

  60. +Additionally, it was discovered that comments&#39; html was never scrubbed during
    61. 

  61. +preview or moderation of comments.
    62. 

  62. +
    63. 

  63. +These problems were discovered on 12 November 2010 and fixed the same
    64. 

  64. +hour with the release of ikiwiki 3.20101112.
    65. 

  65. 

  66. </pre>
    67. 

  67. </div>
    68. 

  68. 

  69. <!-- 0ea5f43790fe2ce3cc40e9513191e72c67a1ee51 -->
    70.
generated by cgit v1.2.3 (git 2.46.0) at 2025-02-17 04:10:26 +0000