X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/1dec41278de8b0f33e1e87ec2f36cdd603528fad..afad77a7e06072609956d19d6bdf7fdd24a5293c:/doc/todo/Moving_Pages.mdwn?ds=inline diff --git a/doc/todo/Moving_Pages.mdwn b/doc/todo/Moving_Pages.mdwn index 61f2663e0..387e4fb82 100644 --- a/doc/todo/Moving_Pages.mdwn +++ b/doc/todo/Moving_Pages.mdwn @@ -10,6 +10,8 @@ Thanks again to [Joey](http://kitenet.net/~joey) for putting ikiwiki together. *[Kyle](http://kitenet.net/~kyle/)=* +> Took a bit too long, but [[done]] now. --[[Joey]] + ---- The MediaWiki moving/renaming mechanism is pretty nice. It's easy to get a list of pages that point to the current page. When renaming a page it sticks a forwarding page in the original place. The larger the size of the wiki the more important organization tools become. @@ -205,3 +207,16 @@ Cases to consider: Update: Meh. It's certianly not ideal; if Bob tries to save the page he uploaded the attachment to, he'll get a message about it having been deleted/renamed, and he can try to figure out what to do... :-/ +* I don't know if this is a conflict, but it is an important case to consider; + you need to make sure that there are no security holes. You dont want + someone to be able to rename something to /etc/passwd. + I think it would be enough that you cannot rename to a location outside + of srcdir, you cannot rename to a location that you wouldn't be able + to edit because it is locked, and you cannot rename to an existing page. + + > Well, there are a few more cases (like not renaming to a pruned + > filename, and not renaming _from_ a file that is not a known source + > file or is locked), but yes, that's essentially it. + > + > PS, the first thing I do to any + > web form is type /etc/passwd and ../../../../etc/passwd into it. ;-) --[[Joey]]