X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/34e7fe13e4f60c79de4ee38d6b2d60b08ad411a9..651cdd4b2a85f4e5f9d298a7eea7d0e6d94442b1:/doc/todo/Zoned_ikiwiki.mdwn diff --git a/doc/todo/Zoned_ikiwiki.mdwn b/doc/todo/Zoned_ikiwiki.mdwn index 6b562215a..76b2b69c7 100644 --- a/doc/todo/Zoned_ikiwiki.mdwn +++ b/doc/todo/Zoned_ikiwiki.mdwn @@ -123,6 +123,18 @@ but I'll begin it here. Note that not all of these issues will be problems for all **zoned ikiwiki use cases**. +### Leakage of page existence by `do=goto` + +An unauthorized client can use a `do=goto` request to find out whether a +page exists (will be forbidden to view it) or not (will be forbidden to create it). + +In [[plugins/contrib/signinview]] this is handled by hooking +`cgi` first and checking for `goto` and a non-public page. If the requested page +(existing or not) matches the `public_pages` PageSpec, it is handed off for the `goto` +plugin to handle normally. Otherwise, the `do` parameter is changed to `signingoto` +so the `goto` plugin's `cgi` hook will _not_ handle it, and the `sessioncgi` hook +takes care of it when the user's identity is available. + ### Backlinks What is problematic is when you link a public page in a private page :