urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ikiwiki/doc
History
Simon McVittie a8a7462382 Try revert operations (on a branch) before approving them 
Otherwise, we have a time-of-check/time-of-use vulnerability:
rcs_preprevert previously looked at what changed in the commit we are
reverting, not at what would result from reverting it now. In
particular, if some files were renamed since the commit we are
reverting, a revert of changes that were within the designated
subdirectory and allowed by check_canchange() might now affect
files that are outside the designated subdirectory or disallowed
by check_canchange().

It is not sufficient to disable rename detection, since git older
than 2.8.0rc0 (in particular the version in Debian stable) silently
accepts and ignores the relevant options.

OVE-20161226-0002
 		2016-12-28 21:32:12 +00:00
..
banned_users
basewiki
bugs Add CVE references for CVE-2016-10026 2016-12-21 13:03:36 +00:00
cgi
contact
css
css_market 2016-09-24 02:39:10 -04:00
examples 2015-07-09 08:05:37 -04:00
forum Added a comment 2016-12-26 18:03:28 -04:00
freesoftware
ikiwiki added actual progress bar 2016-09-25 00:51:03 -04:00
ikiwiki-calendar Patch (calendar): autocreate archive pages when needed 2014-06-24 15:37:52 +02:00
ikiwiki-makerepo
ikiwiki-mass-rebuild
ikiwikiusers
index
install
logo
news Add CVE references for CVE-2016-10026 2016-12-21 13:03:36 +00:00
patch rename patch/highlight_line_numbers.mdwn to todo/highlight_line_numbers.mdwn 2016-01-26 20:05:12 -04:00
plugins consider portier as a successor to OpenID? 2016-11-01 11:56:18 -04:00
post-commit
quotes
rcs Revert spam 2016-08-22 19:11:49 +01:00
roadmap
sandbox Revert test commit to sandbox/discussion 2016-07-28 10:28:25 +01:00
security
setup 2016-06-22 11:35:48 -04:00
shortcuts
smileys
soc
spam_fighting ideas? 2015-03-17 10:28:59 -04:00
tags
templates Remote "test45" template. 2016-01-01 12:23:57 +01:00
themes Arguing more 2016-04-15 08:24:38 -04:00
tips Created 2016-09-24 00:48:51 -04:00
todo rename bugs/img_tag_should_support_relative_size.mdwn to todo/img_tag_should_support_relative_size.mdwn 2016-12-19 12:46:46 -04:00
translation
usage
users 2016-12-14 19:07:00 -04:00
w3mmode
wikiicons Replace email authentication icon with one that is more instantly recognizable 2015-06-09 00:44:31 +01:00
wishlist
GPL
TourBusStop.mdwn
anchor.mdwn
backlinks.mdwn
banned_users.mdwn cloak user PII when making commits etc, and let cloaked PII be used in banned_users 2015-05-14 11:58:21 -04:00
basewiki.mdwn rename openid selector files to login-selector 2015-05-13 17:58:59 -04:00
blog.mdwn despam 2015-01-10 11:23:05 +00:00
branches.mdwn
bugs.mdwn List security contacts 2016-12-19 18:21:07 +00:00
cgi.mdwn
commit-internals.mdwn
competition.mdwn
consultants.mdwn Update my surname to its new legal spelling. 2016-09-14 14:28:01 -04:00
contact.mdwn mention security contacts here too 2016-12-19 16:33:48 -04:00
convert.mdwn mention jekyll-import 2015-02-06 16:33:30 -04:00
css.mdwn
css_market.mdwn link to localstyle after a user struggled for hours to figure out exactly that 2016-04-13 14:37:22 -04:00
download.mdwn Fix Archlinux link 2015-05-08 03:15:31 -04:00
examples.mdwn clarify that theme and css is not only to change stylesheets, but the look in general 2016-04-13 14:38:15 -04:00
favicon.ico
features.mdwn Revert spam 2016-08-22 19:11:49 +01:00
forum.mdwn Revert "removed" 2015-06-07 14:51:13 +01:00
freesoftware.mdwn
git.mdwn Add MagmaSoft's repository for the pageinfo branch of ikiwiki 2016-08-01 10:37:30 -04:00
ikiwiki-calendar.mdwn Standardize on --long-option instead of -long-option 2015-03-01 16:15:01 +00:00
ikiwiki-comment.mdwn add ikiwiki-comment program 2014-10-20 12:08:07 -04:00
ikiwiki-makerepo.mdwn
ikiwiki-mass-rebuild.mdwn
ikiwiki-transition.mdwn
ikiwiki-update-wikilist.mdwn
ikiwiki.mdwn
ikiwikiusers.mdwn svetlana.nfshost 2016-11-17 07:42:50 -04:00
index.mdwn This reverts commit cfc5d5d9ed 2016-05-18 13:55:48 -04:00
install.mdwn
local.css
logo.mdwn
news.mdwn
pagehistory.mdwn Changed `url` to `URL`. ;) 2013-11-24 22:29:36 -04:00
patch.mdwn
plugins.mdwn
podcast.mdwn
post-commit.mdwn
quotes.mdwn
rcs.mdwn
recentchanges.mdwn Revert spam 2016-08-22 19:11:49 +01:00
reviewed.mdwn New inline's same as old, plus plugins/contrib/*. 2016-03-22 14:53:05 -04:00
roadmap.mdwn correct typos 2014-05-10 04:53:12 -04:00
robots.txt
sandbox.mdwn 2016-10-07 07:08:35 -04:00
security.mdwn Try revert operations (on a branch) before approving them 2016-12-28 21:32:12 +00:00
setup.mdwn Revert strange translation of this page to French 2016-07-25 10:44:29 -04:00
shortcuts.mdwn The C2 wiki appears to have moved. 2016-10-23 21:00:36 -04:00
sitemap.mdwn
smileys.mdwn
soc.mdwn
spam_fighting.mdwn identified (partly) last spammer 2015-05-25 13:19:29 -04:00
style.css Restrict CSS matches on .header to not affect <tr> 2016-12-19 18:21:07 +00:00
tags.mdwn
templates.mdwn Add missing backquote. 2016-01-01 12:25:16 +01:00
theme_market.mdwn Added yet another bootstrap theme 2016-04-11 10:15:39 -04:00
themes.mdwn
tipjar.mdwn Update my surname to its new legal spelling. 2016-09-14 14:28:01 -04:00
tips.mdwn
todo.mdwn
translation.mdwn
usage.mdwn clarify that --setup changes the default verb 2015-03-01 11:26:20 -04:00
users.mdwn
w3mmode.mdwn
whyikiwiki.mdwn
wishlist.mdwn