Searched hist:eff795ac6482d5885761f6688ce183c66becd7e1 (Results 1 – 1 of 1) sorted by relevance

/dokuwiki/lib/exe/
xmlrpc.php  eff795ac6482d5885761f6688ce183c66becd7e1  Sun Jan 16 12:30:49 UTC 2011  Michael Hamann <michael@content-space.de>

Fix several security issues in the XML-RPC interface

For locks and getRevisions there hasn't been any acl check. In many
other cases the id hadn't been cleaned before the acl check was done
which means that many acl rules that should be applied weren't applied.
So e.g. when you have read permissions for the root namespace but not
for a subnamespace you could add a leading ":" and the permissions for
the root namespace will be used instead of the permissions for the
subnamespace. This did not apply to writing pages and reading media
files, but writing and deleting media files have been concerned as well
as reading both plain and html versions of pages.

This only concerns installations where XML-RPC is enabled (default is
disabled) and XML-RPC is allowed for all or untrusted users.
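
The check-before-clean ordering described in the commit message, as an added example (not code from the commit or from DokuWiki): a simplified namespace ACL model in which the permission lookup sees the raw id while the page loader resolves the cleaned one. The names clean_id, acl_level, load_page, the two get_page_* handlers and the rule set are hypothetical and constructed for illustration.

```php
<?php
// Simplified model of namespace ACLs; constructed for illustration, not DokuWiki code.
const AUTH_NONE = 0;
const AUTH_READ = 1;

// Constructed rules: everyone may read the root namespace, nobody may read "private".
$ACL = ['*' => AUTH_READ, 'private:*' => AUTH_NONE];

// Hypothetical normaliser: lowercase, collapse repeated colons, strip leading/trailing ones.
function clean_id(string $id): string {
    $id = strtolower(trim($id));
    $id = preg_replace('/:+/', ':', $id);
    return trim($id, ':');
}

// Most specific rule wins: exact page, then each enclosing namespace, then root.
function acl_level(array $acl, string $id): int {
    if (isset($acl[$id])) return $acl[$id];
    $ns = $id;
    while (($pos = strrpos($ns, ':')) !== false) {
        $ns = substr($ns, 0, $pos);
        if ($ns !== '' && isset($acl["$ns:*"])) return $acl["$ns:*"];
    }
    return $acl['*'] ?? AUTH_NONE;
}

// The storage layer always resolves the cleaned id, so both spellings name one page.
function load_page(string $id): string {
    return 'contents of ' . clean_id($id);
}

// Before: permission is decided on the raw id, the page is loaded from the cleaned id.
function get_page_unchecked_id(array $acl, string $id): ?string {
    return acl_level($acl, $id) >= AUTH_READ ? load_page($id) : null;
}

// After: clean once, then use the same value for both the check and the load.
function get_page_clean_first(array $acl, string $id): ?string {
    $id = clean_id($id);
    return acl_level($acl, $id) >= AUTH_READ ? load_page($id) : null;
}

foreach (['private:plan', ':private:plan', 'start'] as $id) {
    printf("%-14s raw-check=%-5s clean-first=%s\n", $id,
        get_page_unchecked_id($ACL, $id) === null ? 'deny' : 'allow',
        get_page_clean_first($ACL, $id) === null ? 'deny' : 'allow');
}
```

Only the ":private:plan" row differs between the two handlers: the raw id matches no "private:*" rule and falls through to the root rule, while the cleaned id is denied.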