[pmwiki-users] Security/information leak in PmWIki

Patrick R. Michaud pmichaud at pobox.com
Thu Feb 17 13:51:59 CST 2005


On Thu, Feb 17, 2005 at 02:23:57PM -0500, Neil Herber wrote:
> At 2005-02-17  01:18 PM -0600, Patrick R. Michaud is rumored to have said:
> >Remove the Private group from searches, by adding:
> >
> >   $SearchPatterns['default'][] = '!^Private\.!';
> >   $SearchPatterns['all'][] = '!^Private\.!';
> >   $SearchPatterns['normal'][] = '!^Private\.!';
> >
> >> 3) The AllRecentChanges page exposes all of the editing activity in the
> >> Private group.
> >
> >In local/Private.php, add
> >
> >   unset($RecentChangesFmt['Main.AllRecentChanges']);
> 
> These are excellent solutions for me!
> 
> Clearly the second bit of PHP code goes into local/Private.php, but exactly 
> where should I put the search killers? My guess is local/config.php inside 
> the field.

Yes, the search killers need to be global (local/config.php in the field) 
to be effective. 

Pm



More information about the pmwiki-users mailing list