response
parent
cb0c642aed
commit
16112c3294
|
@ -13,7 +13,7 @@ ikiwiki (1.46) UNRELEASED; urgency=low
|
|||
* Applied a patch from Michał to make the mercurial backend pass --quiet to
|
||||
hg.
|
||||
|
||||
-- Joey Hess <joeyh@debian.org> Sat, 17 Mar 2007 19:56:04 -0400
|
||||
-- Joey Hess <joeyh@debian.org> Sun, 18 Mar 2007 18:22:12 -0400
|
||||
|
||||
ikiwiki (1.45) unstable; urgency=low
|
||||
|
||||
|
|
|
@ -13,4 +13,16 @@
|
|||
wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/,
|
||||
|
||||
|
||||
This lets the site administrator have a `.htaccess` file in their underlay directory, say, then get it copied over when the wiki is built. Without this, installations that are located at the root of a domain don't get the benefit of `.htaccess` such as improved directory listings, IP blocking, URL rewriting, authorisation, etc.
|
||||
This lets the site administrator have a `.htaccess` file in their underlay
|
||||
directory, say, then get it copied over when the wiki is built. Without
|
||||
this, installations that are located at the root of a domain don't get the
|
||||
benefit of `.htaccess` such as improved directory listings, IP blocking,
|
||||
URL rewriting, authorisation, etc.
|
||||
|
||||
> I'm concerned about security ramifications of this patch. While ikiwiki
|
||||
> won't allow editing such a .htaccess file in the web interface, it would
|
||||
> be possible for a user who has svn commit access to the wiki to use it to
|
||||
> add a .htaccess file that does $EVIL.
|
||||
>
|
||||
> Perhaps this should be something that is configurable via the setup file
|
||||
> instead. --[[Joey]]
|
||||
|
|
Loading…
Reference in New Issue