Searched hist:"6 fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee" (Results 1 – 1 of 1) sorted by relevance
| /dokuwiki/lib/exe/ |
| H A D | xmlrpc.php | 6fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee Mon Nov 16 22:05:23 UTC 2009 Andreas Gohr <andi@splitbrain.org> Security Fix: do not allow skipacl in XMLRPC
Ignore-this: 517a7546aab86c5370cccf1aa2171490
Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.
XMLRPC is disabled by default.
darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
|