[dokuwiki] Re: Restricting actions

• From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
• To: dokuwiki@xxxxxxxxxxxxx
• Date: Mon, 03 Jul 2006 14:35:06 +0200

Chris Smith writes:

Andi,

Is there another patch to come?

In my brief look through, I didnt' see any checking in or before actions.php. That could mean a spoofed request for a disabled command would perform the processing associated with that command - even if no html was generated.

The check is done in act_clean(), action.php line 159 - or did I miss something?

Andi
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist

• Follow-Ups:
  • [dokuwiki] Re: Restricting actions
    • From: Chris Smith

• References:
  • [dokuwiki] Re: Restricting actions (was Re: view page source button)
    • From: Andreas Gohr
  • [dokuwiki] Re: Restricting actions (was Re: view page source button)
    • From: Chris Smith
  • [dokuwiki] Re: Restricting actions
    • From: Andreas Gohr
  • [dokuwiki] Re: Restricting actions
    • From: Chris Smith

Other related posts:

• » [dokuwiki] Re: Restricting actions
• » [dokuwiki] Re: Restricting actions
• » [dokuwiki] Re: Restricting actions
• » [dokuwiki] Re: Restricting actions
• » [dokuwiki] Re: Restricting actions
• » [dokuwiki] Re: Restricting actions

1. Home
2. dokuwiki
3. Archive
4. 07-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---