[pmwiki-users] Security/information leak in PmWIki
Neil Herber
nospam at mail.eton.ca
Thu Feb 17 19:52:51 CST 2005
At 2005-02-17 04:02 PM -0600, Patrick R. Michaud is rumored to have said:
> > One unexpected side effect of this code is that the (:pagelist:) markup no
> > longer lists the Private pages. That is fine outside the Private group,
> but
> > it would be convenient if it worked inside the Private group. Not a show
> > stopper, and much better than having the names exposed.
>
>Change your config.php to read:
>
> if (strncmp($pagename, 'Private.', 8) != 0) {
> $SearchPatterns['default'][] = '!^Private\.!';
> $SearchPatterns['all'][] = '!^Private\.!';
> $SearchPatterns['normal'][] = '!^Private\.!';
> }
>
>This excludes the Private group from searches only if you're not
>already in the Private group. :-)
This did not work .... but this did:
if (strncmp($pagename, 'Private', 7) != 0) {
I have no idea why. :-/
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list