[pmwiki-devel] Security issues: Disabling action=source & action=diff?

Patrick R. Michaud pmichaud at pobox.com
Wed Dec 6 10:37:55 CST 2006

On Wed, Dec 06, 2006 at 12:32:47AM +0100, christian.ridderstrom at gmail.com wrote:
> On Tue, 5 Dec 2006, Crisses wrote:
> > Anyone against this?  For it?  Want to help?  Want to do it instead? :)
> I don't think action=source should be blocked by default.

Perhaps we should create a scripts/secure.php script and/or
an $EnableParanoidSecurity option that sets a higher level of
security for PmWiki.  If done as the $EnableParanoidSecurity
option then recipes could use that variable setting as well
to set some of their defaults.


More information about the pmwiki-devel mailing list