[pmwiki-devel] Security issues: Disabling action=source & action=diff?

The Editor editor at fast.st
Tue Dec 5 15:43:42 CST 2006


On 12/5/06, Kathryn Andersen <kat_lists at katspace.homelinux.org> wrote:
> On Tue, Dec 05, 2006 at 10:54:40AM -0500, The Editor wrote:
> > PS.  Is there a need to block the diff action?  It only shows output,
> > not source, correct?
>
> By default it shows output, but there is a source view for it as well.
>
> Kathryn Andersen


What do you mean by a source view for the diff?  You mean
"n=Group.Name?action=diff&action=source" together?  But if so, when
the source is blocked, it would be blocked for this as well.  Correct?

Cheers,
Caveman



More information about the pmwiki-devel mailing list