[pmwiki-announce] PmWiki 2.3.23 released
Petko Yotov
5ko at 5ko.fr
Tue May 2 23:18:06 PDT 2023
Hello. PmWiki version 2.3.23 was published today, and is available at:
https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.23.tgz
https://www.pmwiki.org/pub/pmwiki/pmwiki-2.3.23.zip
svn://www.pmwiki.org/pmwiki/tags/latest
This version implements session tokens to prevent potential cross-site
request forgery vulnerabilities, suggested by Dominique Faure. Most
core actions that modify pages or files should have this enabled and
should work like before.
This new feature can be disabled by setting these variables in
config.php:
$EnablePmToken = 0; # edit, upload, attributes, approveurls
$PmFormEnablePmToken = 0; # PmForm
Some installations might encounter the error message "Token invalid or
missing". These can include custom edit forms, automated scripts
posting to the wiki, AJAX posting text or uploads used by some recipes,
or partial upgrades where some core scripts haven't been updated. Most
of these should be easy to update -- please report such cases to us --
otherwise you may selectively disable the feature.
A form element (:input pmtoken:) was added, and the helper function
pmtoken() was documented to make it possible for custom forms and
recipes to use this new feature.
The version also includes a minor code refactoring, a bug fix, and the
documentation was updated.
Thanks,
Petko
--
If you upgrade : https://www.pmwiki.org/Upgrades
More information about the pmwiki-announce
mailing list