Searched hist:c77fa67b50d49455e3b518eeb2bcbd0531d07165 (Results 1 – 1 of 1) sorted by relevance
| /dokuwiki/lib/exe/ |
| H A D | xmlrpc.php | c77fa67b50d49455e3b518eeb2bcbd0531d07165 Tue Mar 16 14:33:58 UTC 2010 Michael Hamann <michael@content-space.de> Use md5sum of id and client ip as temporary filename in XML-RPC
Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on a XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.
|