[pmwiki-users] [pmwiki-devel] Security issues: Disabling action=source & action=diff?
Tegan Dowling
tmdowling at gmail.com
Tue Dec 5 15:58:51 CST 2006
On 12/5/06, The Editor <editor at fast.st> wrote:
> On 12/5/06, Kathryn Andersen <kat_lists at katspace.homelinux.org> wrote:
> > On Tue, Dec 05, 2006 at 10:54:40AM -0500, The Editor wrote:
> > > PS. Is there a need to block the diff action? It only shows output,
> > > not source, correct?
> >
> > By default it shows output, but there is a source view for it as well.
> >
> > Kathryn Andersen
>
>
> What do you mean by a source view for the diff? You mean
> "n=Group.Name?action=diff&action=source" together? But if so, when
> the source is blocked, it would be blocked for this as well. Correct?
On a History page (?action=diff), click the "Show changes to markup"
link. This appends ?action=diff&source=y. Dunno if &source=y draws
on the same permissions as ?action=source. You could test it.
More information about the pmwiki-users
mailing list