[pmwiki-users] Security/information leak in PmWIki
Neil Herber
nospam at mail.eton.ca
Thu Feb 17 13:23:57 CST 2005
At 2005-02-17 01:18 PM -0600, Patrick R. Michaud is rumored to have said:
>Remove the Private group from searches, by adding:
>
> $SearchPatterns['default'][] = '!^Private\.!';
> $SearchPatterns['all'][] = '!^Private\.!';
> $SearchPatterns['normal'][] = '!^Private\.!';
>
> > 3) The AllRecentChanges page exposes all of the editing activity in the
> > Private group.
>
>In local/Private.php, add
>
> unset($RecentChangesFmt['Main.AllRecentChanges']);
These are excellent solutions for me!
Clearly the second bit of PHP code goes into local/Private.php, but exactly
where should I put the search killers? My guess is local/config.php inside
the field.
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list