add

[git.ikiwiki.info.git] / doc / security.mdwn

diff --git a/doc/security.mdwn b/doc/security.mdwn
index b294decc818006b55b71f1dcc8b9b54c35159ecb..e72b3fe2bdf2af7de90ae2766c337f83ae933e43 100644 (file)
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -1,4 +1,4 @@
-Let's do an ikiwiki security analysis..
+Let's do an ikiwiki security analysis.
 
 If you are using ikiwiki to render pages that only you can edit, do not
 generate any wrappers, and do not use the cgi, then there are no more
@@ -21,7 +21,7 @@ this would be to limit web commits to those done by a certian user.
 ## other stuff to look at
 
 I need to audit the git backend a bit, and have been meaning to
-see if any CRLF injection type things can be done.
+see if any CRLF injection type things can be done in the CGI code.
 
 ----
 
@@ -41,7 +41,7 @@ Of course nobody else seems to worry about this in other wikis, so should we?
 
 Currently only people with direct svn commit access can upload such files
 (and if you wanted to you could block that with a svn pre-commit hook).
-Wsers with only web commit access are limited to editing pages as ikiwiki
+Users with only web commit access are limited to editing pages as ikiwiki
 doesn't support file uploads from browsers (yet), so they can't exploit
 this.