From a5ee40104481ba06eaaf277ed2f6c363dd326608 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Sun, 14 Mar 2010 15:08:41 -0400 Subject: [PATCH] note that the patch on this page is complely broken, and allows any file starting with a dot to be included If you applied that patch to your site, you should remove it right away! --- doc/todo/enable-htaccess-files.mdwn | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/doc/todo/enable-htaccess-files.mdwn b/doc/todo/enable-htaccess-files.mdwn index c895db75d..c08502bdd 100644 --- a/doc/todo/enable-htaccess-files.mdwn +++ b/doc/todo/enable-htaccess-files.mdwn @@ -12,6 +12,13 @@ qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//], wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/, +> Note that the above patch is **completely broken**. +> It removes the crucial excludes of all files starting with a dot. +> The negative regexps for htaccess have no effect, so the whole +> thing only "works" because it allows *any* file starting with a dot. +> If you applied this patch to your ikiwiki, you opened a huge security +> hole. --[[Joey]] + [[!tag patch patch/core]] This lets the site administrator have a `.htaccess` file in their underlay -- 2.45.2