1 1. We have a `$srcdir/writable/page.mdwn` source file in Git.
2 2. ikiwiki is configured to allow edits via the CGI in `writable/*`,
4 2. Modify `$srcdir/writable/page.mdwn`, commit ⇒ commit `$id`.
5 3. `git mv $srcdir/writable/page.mdwn $srcdir/read-only/page.mdwn`
7 ⇒ The web interface allows reverting commit `$id` (presumably because
8 it changes files only in `$srcdir/writable`). This operation
9 effectively modifies `$srcdir/read-only/page.mdwn`, which feels wrong.
10 My guess is that `check_canchange` does not take into account that Git
11 will automatically detect that the file affected by the to-be-reverted
12 commit has moved, and modify the file in its new location
15 > Working on it. In future please report non-public security
16 > vulnerabilities (such as authorization bypass) by private email to the
17 > maintainers, so that they are not visible to the general public
18 > until we have had a chance to fix the bug. --[[smcv]]
20 >> Sorry about that, I should clearly know better :/ --[[intrigeri]]
23 > `git revert --strategy=recursive --strategy-option=no-renames`.
24 > I tried to do something more clever (doing the revert, and checking
25 > whether it made changes that aren't allowed) but couldn't get it to
26 > work in a reasonable time, so I'm going with the simpler fix.
27 > [[Fix committed|done]], a release will follow later today. --[[smcv]]
29 >> You rock, thanks a lot! --[[intrigeri]]