[pmwiki-users] RSS Security issue

Crisses crisses at kinhost.org
Sun Apr 17 04:55:24 CDT 2005


When I have RSS enabled and Main/Blocklist is in the RecentChanges 
page, but is edit & read passworded, it still shows up in the RSS feed.

i.e. http://www.kinhost.org/wiki/Main/RecentChanges?action=rss


<?xml version="1.0"?>
   <rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
     <channel>
       <title>Kinhost Wiki | Main / RecentChanges</title>
       <link>http://www.kinhost.org/wiki/Main/RecentChanges</link>
       <description>Main.RecentChanges</description>
       <lastBuildDate>Sun, 17 Apr 2005 08:13:40 GMT</lastBuildDate>
       <generator>pmwiki-2.0.beta26</generator>
         <item>
           <title>Main / Blocklist</title>
           <link>http://www.kinhost.org/wiki/Main/Blocklist</link>
           <description>block:frwh.net
block:pmlove.com
block:homesexsearch
block:83.65.7.162
block:vladimir.ru
block:wagoo.com
block:011sex.com
block:129.132.9.*
block:136.159.133.*
block:148.244.150.*
block:17train.com
block:194.186.150.*
block:195.128.137.*
block:211.102.104.*
block:211.147.232.*
block:212.65.211.*
block:212.98.176.*
block:213.91.217.*
block:217.70.127.*
block:218.108.41.*
block:218.2.66.*
  ...</description>
           <dc:contributor>XES</dc:contributor>
           <dc:date>2005-04-17T08:13Z</dc:date>
         </item>


(snipped the rest of the xml)

This page is passworded via /local/Main.Blocklist.php



Crisses
-- 
"But what of encouraging a child to strive for athletic or scholastic 
excellence?  That is something I know I will do.  Will it be for my 
child's own good, or will I also be motivated by my own pride and 
desire for success?  Those are not simple questions.  Even when I do 
something as minor as limiting my toddler's exposure to Barney, the 
television personality children love and adults love to hate, I have to 
wonder:  Who am I doing it for?"
  -- excerpt from "Nursery Crimes" by Robert M. Sapolsky, The Sciences, 
May 1999 v39 i3 p20.
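
A regression check for the leak reported above, as an added example that is not part of the original post or of PmWiki's code: it parses an RSS feed and reports any item that links to a page you know to be read-protected. The sample feed is constructed (modelled on the excerpt above, with placeholder block entries), and `page_name`, `leaked_items` and the handling of `?n=` links are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse, parse_qs

# Constructed sample modelled on the feed quoted in the post; the block
# entries, the second item and the closing tags are invented so it parses.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Kinhost Wiki | Main / RecentChanges</title>
    <link>http://www.kinhost.org/wiki/Main/RecentChanges</link>
    <item>
      <title>Main / Blocklist</title>
      <link>http://www.kinhost.org/wiki/Main/Blocklist</link>
      <description>block:example.invalid
block:192.0.2.*</description>
    </item>
    <item>
      <title>Main / HomePage</title>
      <link>http://www.kinhost.org/wiki/Main/HomePage</link>
      <description>Welcome</description>
    </item>
  </channel>
</rss>"""

def page_name(link):
    """Map an item link to a 'Group.Name' page name.
    Handles .../Group/Name paths and (assumed) ?n=Group.Name links."""
    url = urlparse(link)
    n = parse_qs(url.query).get("n")
    if n:
        return n[0].replace("/", ".")
    parts = [p for p in url.path.split("/") if p]
    return ".".join(parts[-2:]) if len(parts) >= 2 else ""

def leaked_items(feed_xml, protected):
    """Return (page, exposed_chars) for every feed item pointing at a
    page listed in `protected`. Parse only feeds from your own wiki."""
    protected = {p.lower() for p in protected}
    hits = []
    for item in ET.fromstring(feed_xml).iter("item"):
        name = page_name(item.findtext("link", default=""))
        if name.lower() in protected:
            body = (item.findtext("description") or "").strip()
            hits.append((name, len(body)))
    return hits

if __name__ == "__main__":
    for name, size in leaked_items(SAMPLE_FEED, ["Main.Blocklist"]):
        print(f"LEAK: {name} appears in feed ({size} chars of content)")
```

Fetch the feed without any wiki credentials before passing it in, so the result reflects what an anonymous reader receives.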



