]> scripts.mit.edu Git - www/ikiwiki.git/blobdiff - doc/security.mdwn
scripts.mit.edu / www / ikiwiki.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
web commit by joey
[www/ikiwiki.git] / doc / security.mdwn
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 278bad024101bae6babb487db7e22cc09583c7d9..252239331d30731a5c0fc750bd874e04114ced0a 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -69,6 +69,12 @@ Setup files are not safe to keep in subversion with the rest of the wiki.
 Just don't do it. [[ikiwiki.setup]] is *not* used as the setup file for
 this wiki, BTW.
 
+## svn commit logs
+
+Currently html is not escape in svn commit logs, this should probably be fixed.
+
+Anyone with svn commit access can forge "web commit from foo" and make it appeat on [[RecentChanges]] like foo committed. One way to avoid this would be to limit web commits to those done by a certian user.
+
 ----
 
 # Hopefully non-holes
Unnamed repository; edit this file 'description' to name the repository.