[pmwiki-users] Security/information leak in PmWiki

Neil Herber nospam at mail.eton.ca
Thu Feb 17 13:23:57 CST 2005


At 2005-02-17  01:18 PM -0600, Patrick R. Michaud is rumored to have said:
>Remove the Private group from searches, by adding:
>
>    $SearchPatterns['default'][] = '!^Private\.!';
>    $SearchPatterns['all'][] = '!^Private\.!';
>    $SearchPatterns['normal'][] = '!^Private\.!';
>
> > 3) The AllRecentChanges page exposes all of the editing activity in the
> > Private group.
>
>In local/Private.php, add
>
>    unset($RecentChangesFmt['Main.AllRecentChanges']);

These are excellent solutions for me!

Clearly the second bit of PHP code goes into local/Private.php, but exactly 
where should I put the search killers? My guess is local/config.php inside 
the field.


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 
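
An added example, not part of the original message and not PmWiki's own code: a stand-alone PHP check of which page names the quoted exclusion pattern actually matches, run over constructed page names. It assumes a `!`-delimited `$SearchPatterns` entry removes matching names and a `/`-delimited entry keeps only matching names; the helper `apply_search_patterns()` is hypothetical.

```php
<?php
// Added example: hypothetical helper, not PmWiki code.
// Assumption: an entry delimited by '!' excludes matching page names,
// an entry delimited by '/' keeps only matching page names.
function apply_search_patterns(array $names, array $patterns): array
{
    foreach ($patterns as $p) {
        $hits = preg_grep($p, $names);
        if ($hits === false) {
            throw new InvalidArgumentException("bad pattern: $p");
        }
        $names = ($p[0] === '!')
            ? array_diff($names, $hits)   // exclusion entry
            : $hits;                      // inclusion entry
    }
    return array_values($names);
}

// The pattern from the quoted advice.
$patterns = ['!^Private\.!'];

// Constructed page names (Group.Page), including near misses.
$pages = [
    'Main.HomePage',
    'Private.Salaries',
    'Private.RecentChanges',
    'PrivateNotes.Todo',   // different group: "\." must follow "Private"
    'Main.Private',        // page name, not group: "^" anchors at the start
    'private.Draft',       // lower case: the pattern is case-sensitive
];

$visible = apply_search_patterns($pages, $patterns);
$hidden  = array_values(array_diff($pages, $visible));

echo "Still searchable:\n  " . implode("\n  ", $visible) . "\n";
echo "Removed from search:\n  " . implode("\n  ", $hidden) . "\n";

// Fail loudly if a Private.* page would still be searchable.
foreach ($visible as $name) {
    if (strncmp($name, 'Private.', 8) === 0) {
        fwrite(STDERR, "LEAK: $name is still searchable\n");
        exit(1);
    }
}
```

The pattern only filters names out of search results; it does not change who can read the pages themselves.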



