X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/d012f18a95362076bddbcd76a4df2d7b4d7fef7a..efac37267afa8ea194117d60a69d6a5dd253c962:/doc/patchqueue/enable-htaccess-files.mdwn diff --git a/doc/patchqueue/enable-htaccess-files.mdwn b/doc/patchqueue/enable-htaccess-files.mdwn index cb034fadf..ed968b195 100644 --- a/doc/patchqueue/enable-htaccess-files.mdwn +++ b/doc/patchqueue/enable-htaccess-files.mdwn @@ -13,4 +13,16 @@ wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/, -This lets the site administrator have a `.htaccess` file in their underlay directory, say, then get it copied over when the wiki is built. Without this, installations that are located at the root of a domain don't get the benefit of `.htaccess` such as improved directory listings, IP blocking, URL rewriting, authorisation, etc. \ No newline at end of file +This lets the site administrator have a `.htaccess` file in their underlay +directory, say, then get it copied over when the wiki is built. Without +this, installations that are located at the root of a domain don't get the +benefit of `.htaccess` such as improved directory listings, IP blocking, +URL rewriting, authorisation, etc. + +> I'm concerned about security ramifications of this patch. While ikiwiki +> won't allow editing such a .htaccess file in the web interface, it would +> be possible for a user who has svn commit access to the wiki to use it to +> add a .htaccess file that does $EVIL. +> +> Perhaps this should be something that is configurable via the setup file +> instead. --[[Joey]]