[pmwiki-users] Security/information leak in PmWIki
Patrick R. Michaud
pmichaud at pobox.com
Thu Feb 17 13:51:59 CST 2005
On Thu, Feb 17, 2005 at 02:23:57PM -0500, Neil Herber wrote:
> At 2005-02-17 01:18 PM -0600, Patrick R. Michaud is rumored to have said:
> >Remove the Private group from searches, by adding:
> >
> > $SearchPatterns['default'][] = '!^Private\.!';
> > $SearchPatterns['all'][] = '!^Private\.!';
> > $SearchPatterns['normal'][] = '!^Private\.!';
> >
> >> 3) The AllRecentChanges page exposes all of the editing activity in the
> >> Private group.
> >
> >In local/Private.php, add
> >
> > unset($RecentChangesFmt['Main.AllRecentChanges']);
>
> These are excellent solutions for me!
>
> Clearly the second bit of PHP code goes into local/Private.php, but exactly
> where should I put the search killers? My guess is local/config.php inside
> the field.
Yes, the search killers need to be global (local/config.php in the field)
to be effective.
Pm
More information about the pmwiki-users
mailing list