Hi, Excerpts from Myron Turner's message of 2011-02-06 16:05:02 +0100: [...] > Thanks for the fix. I'm aware of the access issues and the this in fact > is the only way I could get the FCKeditor to access media files. There > is .htaccess protection but, in addition, the fckgLite implementation of > the FCKeditor's file browser is fully ACL-compliant. So, unless you > have used fckgLite you can't know whether your security warning is > accurate. Please do so before jumping to conclusions. And what are you > referring to as the 'non-safe' version? Regarding media access I just referred to actual file access over http, not listing the contents. The only way to prevent read access would be more rules in the .htaccess files, there aren't any so I can conclude that without testing the plugin. You say in various places that in the fckgLiteSafe version in contrast to the other ("non-safe") version there is an enhanced filebrowser. On http://www.mturner.org/dwfck/fckgLite/doku.php?id=fckglite_safe#fckglitesafe_enhanced_filebrowser_as_of_nov_6_2010 you write that "Users cannot browse files to which they do not have at least read permission. These files are hidden, preventing users from creating links to files for which they do not have at least read permission." My conclusion was that this is different in the "non-safe" version and there users can list pages they can't access. If that shouldn't be correct sorry for the wrong conclusions, feel free to correct that. I just wanted to make these two points more obvious as if any of these two things existed in DokuWiki core we would consider that a major security issue, fix it asap and would probably do a security release. Michael -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist