git.vanrenterghem.biz Git - git.ikiwiki.info.git/blobdiff - doc/todo/design_for_cross-linking_between_content_and_CGI.mdwn
Exclude working directory from library path (CVE-2016-1238)
[git.ikiwiki.info.git] / doc / todo / design_for_cross-linking_between_content_and_CGI.mdwn
index 7c920f01f05ed2bd076d5e63466a56798632cfa5..d8040bf3e31e18ba7e4961e9d0b0838cfbeb8981 100644 (file)
@@ -116,3 +116,19 @@ I've added a regression test in `t/relativity.t`. We might want to
 consider dropping some of it or skipping it unless a special environment
 variable is set once this is all working, since it's a bit slow.
 --[[smcv]]
+
+# Remaining bugs
+
+## Arguable
+
+* Configure the url and cgiurl to both be https, then access the
+  CGI via a non-https address. The stylesheet is loaded from the http
+  version of the static site, but maybe it should be forced to https?
+
+* Configure url = "http://static.example.com/",
+  cgiurl = "http://cgi.example.com/ikiwiki.cgi" and access the
+  CGI via staging.example.net. Self-referential links to the
+  CGI point to cgi.example.com, but maybe they should point to
+  staging.example.net?
+
+* *(possibly incomplete, look for TODO and ??? in relativity.t)*
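Review bot: The first bullet under "Arguable" leaves the expected behaviour as a question even though url and cgiurl are both configured as https. If the stylesheet link then ignores the configured scheme and goes to http, that decides whether this is a bug, so state the intended result (for example, always use the configured https url) instead of "maybe it should be forced to https?". The second bullet has the same gap: pointing self-referential links at staging.example.net would mean taking the link target from the requested host rather than from the configured cgiurl, and the entry should say which of the two is intended. In the last bullet, write the test file as `t/relativity.t`, matching the path used earlier in this document, so readers can find the TODO and ??? markers.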