OK - have updated the wiki:install page with a "Step 2" on security (http://wiki.splitbrain.org/wiki:install) which links across to the wiki:security (http://wiki.splitbrain.org/wiki:security) page, where I've add a note on the bin directory.
Probably the quickest and safest fix is simply to delete the bin sub-directory. The scripts in there are meant for command line use and (as far as I know) are not used by any other part of Dokuwiki - i.e. deleting it shouldn't break you're wiki and if you don't know what they're for, you don't need them.
Have to take my share of blame - dwpage.php is code I wrote - had never occurred to me that someone would place it publically under their document root, given it's a command line script meant for administrators only, with shell access to the server. A check at the start, using php_sapi_name() for the CLI sapi would have prevented this.
On 9/8/06, Terence J. Grant <tjgrant@xxxxxxxxxxxx> wrote: > Hi Oliver, et al... (perhaps Andi) > > I realize there is panic mode right now, so don't see this as any kind > of immediate request... > > I am not (and I'm sure this is the case for others) horribly confident > beyond the .htaccess fix on how exactly to change(or check) the > register_argc_argv, and really the configuration of php safe_mode, php > base_opendir and things of that nature. > > So if all of this is required, Oliver, if you or someone knowledgable > could post a wiki:tip for this, it might help... > > This is just partially due to inexperience with apache as well as not > being able to self host. > > And again I realize this is non-finalized; some things like this might > not be necessary-- but if they are, please keep the above in mind. > > -- > --Terence J. Grant(tjgrant@xxxxxxxxxxxx) > -- > DokuWiki mailing list - more info at > http://wiki.splitbrain.org/wiki:mailinglist >
-- DokuWiki mailing list - more info at http://wiki.splitbrain.org/wiki:mailinglist