* Fix a security hole that allowed a web user to edit images and other

non-page format files in the wiki. To exploit this, the file already had
  to exist in the wiki, and the web user would need to somehow use the web
  based editor to replace it with malicious content.
  (Sorry Josh, this means you can't edit style.css directly anymore,
  although I do appreciate your fixes, actually..)
master
joey 2007-02-10 20:37:36 +00:00
parent cb7d6a88ad
commit 29e6ff03b0
11 changed files with 109 additions and 55 deletions


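--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -323,6 +323,9 @@ sub cgi_editpage ($$) { #{{{
 if (exists $pagesources{$page}) {
 $file=$pagesources{$page};
 $type=pagetype($file);
+if (! defined $type) {
+error(sprintf(gettext("%s is not an editable page"), $page));
+}
 }
 else {
 $type=$form->param('type');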
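Review bot: The new guard only covers the branch where the file already exists; in the `else` branch at the end of the hunk, `$type` is still taken verbatim from `$form->param('type')`, and any validation of that client-supplied value against the known page types happens outside this hunk, so it is worth confirming that the create path cannot name an arbitrary type. Since the reason for the hard error is not obvious from the code itself, a one-line why-comment above the new `if` would help, e.g. `# A file with no page type is not a wiki page (image, css, ...); refuse to edit it so the web editor cannot overwrite it.`. cgi_editpage starts and ends outside the hunk.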

debian/changelog vendored

@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low
to be used as close to public domain as possible.
* viewcvs is now viewvc (in Debian unstable), update everything to use the
new name.
* Fix a security hole that allowed a web user to edit images and other
non-page format files in the wiki. To exploit this, the file already had
to exist in the wiki, and the web user would need to somehow use the web
based editor to replace it with malicious content.
(Sorry Josh, this means you can't edit style.css directly anymore,
although I do appreciate your fixes, actually..)
-- Joey Hess <joeyh@debian.org> Fri, 9 Feb 2007 00:27:59 -0500
-- Joey Hess <joeyh@debian.org> Sat, 10 Feb 2007 15:09:51 -0500
ikiwiki (1.41) unstable; urgency=low


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki-bg\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-12 01:19+0200\n"
"Last-Translator: Damyan Ivanov <dam@modsodtsys.com>\n"
"Language-Team: Bulgarian <dict@fsa-bg.org>\n"
@ -24,28 +24,33 @@ msgstr "Първо трябва да влезете."
msgid "Preferences saved."
msgstr "Предпочитанията са запазени."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "дискусия"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "създаване на %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "промяна на %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Достъпът ви е забранен."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-07 11:59+0100\n"
"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@ -23,28 +23,33 @@ msgstr "Nejprve se musíte přihlásit."
msgid "Preferences saved."
msgstr "Nastavení uloženo."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "diskuse"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "vytvářím %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "upravuji %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Jste vyhoštěni."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-03 09:37+0100\n"
"Last-Translator: Víctor Moral <victor@taquiones.net>\n"
"Language-Team: spanish <es@li.org>\n"
@ -24,28 +24,33 @@ msgstr "Antes es necesario identificarse"
msgid "Preferences saved."
msgstr "Las preferencias se han guardado."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "comentarios"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "creando página %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "modificando página %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Ha sido expulsado."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-22 22:12+0100\n"
"Last-Translator: Jean-Luc Coulon (f5ibh) <jean-luc.coulon@wanadoo.fr>\n"
"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@ -25,28 +25,33 @@ msgstr "Vous devez d'abord vous identifier."
msgid "Preferences saved."
msgstr "Les préférences ont été enregistrées."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "Discussion"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "Création de %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "Édition de %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Vous avez été banni."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
"Échec de l'identification, vous devriez peut-être autoriser les cookies."


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki-gu\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-11 16:05+0530\n"
"Last-Translator: Kartik Mistry <kartik.mistry@gmail.com>\n"
"Language-Team: Gujarati <team@utkarsh.org>\n"
@ -23,28 +23,33 @@ msgstr "તમારે પ્રથમ લોગ ઇન થવું પડશ
msgid "Preferences saved."
msgstr "પ્રાથમિકતાઓ સંગ્રહાઇ."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "ચર્ચા"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "%s બનાવે છે"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "%s સુધારે છે"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "તમારા પર પ્રતિબંધ છે."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@ -24,28 +24,33 @@ msgstr ""
msgid "Preferences saved."
msgstr ""
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr ""
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr ""
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr ""
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr ""
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki 1.37\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-05 16:33+100\n"
"Last-Translator: Paweł Tęcza <ptecza@net.icm.edu.pl>\n"
"Language-Team: Debian L10n Polish <debian-l10n-polish@lists.debian.org>\n"
@ -24,28 +24,33 @@ msgstr "Konieczne jest zalogowanie się."
msgid "Preferences saved."
msgstr "Ustawienia zostały zapisane."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "dyskusja"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "tworzenie strony %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "edycja strony %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Dostęp został zabroniony przez administratora."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-10 23:47+0100\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
@ -23,28 +23,33 @@ msgstr "Du måste logga in först."
msgid "Preferences saved."
msgstr "Inställningar sparades."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "diskussion"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "skapar %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "redigerar %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Du är bannlyst."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""


@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2007-02-08 14:47-0500\n"
"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-13 15:31+1030\n"
"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"
@ -24,28 +24,33 @@ msgstr "Trước tiên bạn cần phải đăng nhập."
msgid "Preferences saved."
msgstr "Tùy thích đã được lưu."
#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/CGI.pm:327
#, perl-format
msgid "%s is not an editable page"
msgstr ""
#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "thảo luận"
#: ../IkiWiki/CGI.pm:457
#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "đang tạo %s"
#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "đang sửa %s"
#: ../IkiWiki/CGI.pm:625
#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Bạn bị cấm ra."
#: ../IkiWiki/CGI.pm:657
#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""