Hello!

Harry Fuecks discovered a possible security problem with the html_hilight() function, which is used to highlight search terms in a page. These terms are used in a preg_replace call using the /e modifier which could lead to a PHP code injection problem. We were not able to successfully exploit the flaw but believe it could be possible.

Due to the seriousness of this bug I urge everyone using DokuWiki to fix this by either applying the modifications described at

http://bugs.splitbrain.org/?do=details&id=616

or by getting an updated package of the 2005-09-22 release from

http://www.splitbrain.org/go/dokuwiki

Andi

PS: If you are able to exploit it I'd like to get a __private__ mail with an example from you. Again: please do not send a working exploit to the list.
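
The following is an added example, not part of the original message and not DokuWiki's actual code or patch: one way to highlight user-supplied search terms without evaluating the replacement as PHP, using preg_quote() and preg_replace_callback() in place of the /e modifier (which was deprecated in PHP 5.5 and removed in PHP 7.0). The function name hilight_terms(), the CSS class and the sample input are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not DokuWiki's html_hilight()): wraps each occurrence
// of a search term in a <span>, touching only text between tags.
// Assumes $html is already-escaped page output.
function hilight_terms(string $html, array $terms): string
{
    // Quote every term so regex metacharacters typed by the user
    // (parentheses, slashes, dots, ...) are matched literally.
    $quoted = [];
    foreach ($terms as $term) {
        $term = trim((string) $term);
        if ($term !== '') {
            $quoted[] = preg_quote($term, '/');
        }
    }
    if ($quoted === []) {
        return $html;
    }
    $pattern = '/' . implode('|', $quoted) . '/iu';

    // Split into tags (odd indexes) and text (even indexes) so that terms
    // are never highlighted inside tag names or attribute values.
    $parts = preg_split('/(<[^>]*>)/', $html, -1, PREG_SPLIT_DELIM_CAPTURE);
    foreach ($parts as $i => $part) {
        if ($i % 2 === 1) {
            continue; // a tag: leave untouched
        }
        // The callback receives the match as data; nothing is evaluated.
        $result = preg_replace_callback(
            $pattern,
            static function (array $m): string {
                return '<span class="search_hit">' . $m[0] . '</span>';
            },
            $part
        );
        // preg_replace_callback() returns null on error (e.g. invalid UTF-8);
        // fall back to the unmodified text in that case.
        $parts[$i] = $result ?? $part;
    }
    return implode('', $parts);
}

// Constructed sample input: terms containing regex metacharacters.
$page  = '<p title="wiki">A wiki page about (c++) and foo/e.</p>';
$terms = ['wiki', '(c++)', 'foo/e'];
echo hilight_terms($page, $terms), "\n";
```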