[pmwiki-users] Security/information leak in PmWIki

Neil Herber nospam at mail.eton.ca
Thu Feb 17 19:52:51 CST 2005


At 2005-02-17  04:02 PM -0600, Patrick R. Michaud is rumored to have said:
> > One unexpected side effect of this code is that the (:pagelist:) markup no
> > longer lists the Private pages. That is fine outside the Private group, 
> but
> > it would be convenient if it worked inside the Private group. Not a show
> > stopper, and much better than having the names exposed.
>
>Change your config.php to read:
>
>     if (strncmp($pagename, 'Private.', 8) != 0) {
>         $SearchPatterns['default'][] = '!^Private\.!';
>         $SearchPatterns['all'][] = '!^Private\.!';
>         $SearchPatterns['normal'][] = '!^Private\.!';
>     }
>
>This excludes the Private group from searches only if you're not
>already in the Private group.  :-)


This did not work .... but this did:

     if (strncmp($pagename, 'Private', 7) != 0) {

I have no idea why.   :-/



Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 




More information about the pmwiki-users mailing list