authorjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-02-10 20:37:36 +0000
committerjoey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>2007-02-10 20:37:36 +0000
commit29e6ff03b078a0c6abb659c9e81343d523d3b13a (patch)
treea628793a36bdd921bd1e89ff4318ac243d1dc4fe
parentcb7d6a88adef4bec348f0e43fbd3dc98b4c25b05 (diff)
* Fix a security hole that allowed a web user to edit images and other
non-page format files in the wiki. To exploit this, the file already had to exist in the wiki, and the web user would need to somehow use the web based editor to replace it with malicious content. (Sorry Josh, this means you can't edit style.css directly anymore, although I do appreciate your fixes, actually..)
-rw-r--r--IkiWiki/CGI.pm3
-rw-r--r--debian/changelog10
-rw-r--r--po/bg.po17
-rw-r--r--po/cs.po17
-rw-r--r--po/es.po17
-rw-r--r--po/fr.po17
-rw-r--r--po/gu.po17
-rw-r--r--po/ikiwiki.pot17
-rw-r--r--po/pl.po17
-rw-r--r--po/sv.po17
-rw-r--r--po/vi.po17
11 files changed, 110 insertions, 56 deletions
diff --git a/IkiWiki/CGI.pm b/IkiWiki/CGI.pm
index a8e610e2d..6c489df8d 100644
--- a/IkiWiki/CGI.pm
+++ b/IkiWiki/CGI.pm
@@ -323,6 +323,9 @@ sub cgi_editpage ($$) { #{{{
if (exists $pagesources{$page}) {
$file=$pagesources{$page};
$type=pagetype($file);
+ if (! defined $type) {
+ error(sprintf(gettext("%s is not an editable page"), $page));
+ }
}
else {
$type=$form->param('type');
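Review bot: The new `! defined $type` guard covers only the branch where the page already exists in `%pagesources`; in the `else` branch `$type` still comes straight from `$form->param('type')`, and nothing in this hunk shows it being checked against the registered page types before use. If that validation does not happen further down in cgi_editpage (its body continues outside the hunk), the create path deserves an equivalent check so a request cannot select a non-page file type. A short comment above the guard would also record the intent, e.g. `# pagetype() is undef for non-page files (images, css); the web editor must never write those`. It may also be worth confirming that `error()` HTML-escapes `$page`, since the requested name is echoed back in the message.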
diff --git a/debian/changelog b/debian/changelog
index d3ec481f8..13293d863 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -25,8 +25,14 @@ ikiwiki (1.42) UNRELEASED; urgency=low
to be used as close to public domain as possible.
* viewcvs is now viewvc (in Debian unstable), update everything to use the
new name.
-
- -- Joey Hess <joeyh@debian.org> Fri, 9 Feb 2007 00:27:59 -0500
+ * Fix a security hole that allowed a web user to edit images and other
+ non-page format files in the wiki. To exploit this, the file already had
+ to exist in the wiki, and the web user would need to somehow use the web
+ based editor to replace it with malicious content.
+ (Sorry Josh, this means you can't edit style.css directly anymore,
+ although I do appreciate your fixes, actually..)
+
+ -- Joey Hess <joeyh@debian.org> Sat, 10 Feb 2007 15:09:51 -0500
ikiwiki (1.41) unstable; urgency=low
diff --git a/po/bg.po b/po/bg.po
index b61ec6ca4..b457f0f82 100644
--- a/po/bg.po
+++ b/po/bg.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki-bg\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-12 01:19+0200\n"
"Last-Translator: Damyan Ivanov <dam@modsodtsys.com>\n"
"Language-Team: Bulgarian <dict@fsa-bg.org>\n"
@@ -24,28 +24,33 @@ msgstr "Първо трябва да влезете."
msgid "Preferences saved."
msgstr "Предпочитанията са запазени."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "дискусия"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "създаване на %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "промяна на %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Достъпът ви е забранен."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/cs.po b/po/cs.po
index e19209872..98b912e62 100644
--- a/po/cs.po
+++ b/po/cs.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-07 11:59+0100\n"
"Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
"Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
@@ -23,28 +23,33 @@ msgstr "Nejprve se musíte přihlásit."
msgid "Preferences saved."
msgstr "Nastavení uloženo."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "diskuse"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "vytvářím %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "upravuji %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Jste vyhoštěni."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/es.po b/po/es.po
index 54681f741..cd28bd094 100644
--- a/po/es.po
+++ b/po/es.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-03 09:37+0100\n"
"Last-Translator: Víctor Moral <victor@taquiones.net>\n"
"Language-Team: spanish <es@li.org>\n"
@@ -24,28 +24,33 @@ msgstr "Antes es necesario identificarse"
msgid "Preferences saved."
msgstr "Las preferencias se han guardado."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "comentarios"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "creando página %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "modificando página %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Ha sido expulsado."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/fr.po b/po/fr.po
index 7651ed9f7..bcf864f9c 100644
--- a/po/fr.po
+++ b/po/fr.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-22 22:12+0100\n"
"Last-Translator: Jean-Luc Coulon (f5ibh) <jean-luc.coulon@wanadoo.fr>\n"
"Language-Team: French <debian-l10n-french@lists.debian.org>\n"
@@ -25,28 +25,33 @@ msgstr "Vous devez d'abord vous identifier."
msgid "Preferences saved."
msgstr "Les préférences ont été enregistrées."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "Discussion"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "Création de %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "Édition de %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Vous avez été banni."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
"Échec de l'identification, vous devriez peut-être autoriser les cookies."
diff --git a/po/gu.po b/po/gu.po
index 7c80d1da5..8739a7804 100644
--- a/po/gu.po
+++ b/po/gu.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki-gu\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-11 16:05+0530\n"
"Last-Translator: Kartik Mistry <kartik.mistry@gmail.com>\n"
"Language-Team: Gujarati <team@utkarsh.org>\n"
@@ -23,28 +23,33 @@ msgstr "તમારે પ્રથમ લોગ ઇન થવું પડશ
msgid "Preferences saved."
msgstr "પ્રાથમિકતાઓ સંગ્રહાઇ."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "ચર્ચા"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "%s બનાવે છે"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "%s સુધારે છે"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "તમારા પર પ્રતિબંધ છે."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/ikiwiki.pot b/po/ikiwiki.pot
index 296aab6db..9dfa1dc0c 100644
--- a/po/ikiwiki.pot
+++ b/po/ikiwiki.pot
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
@@ -24,28 +24,33 @@ msgstr ""
msgid "Preferences saved."
msgstr ""
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr ""
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr ""
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr ""
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr ""
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/pl.po b/po/pl.po
index 4e23cf434..496a4117e 100644
--- a/po/pl.po
+++ b/po/pl.po
@@ -8,7 +8,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki 1.37\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-05 16:33+100\n"
"Last-Translator: Paweł Tęcza <ptecza@net.icm.edu.pl>\n"
"Language-Team: Debian L10n Polish <debian-l10n-polish@lists.debian.org>\n"
@@ -24,28 +24,33 @@ msgstr "Konieczne jest zalogowanie się."
msgid "Preferences saved."
msgstr "Ustawienia zostały zapisane."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "dyskusja"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "tworzenie strony %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "edycja strony %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Dostęp został zabroniony przez administratora."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/sv.po b/po/sv.po
index 2263152c0..786cbad5e 100644
--- a/po/sv.po
+++ b/po/sv.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-10 23:47+0100\n"
"Last-Translator: Daniel Nylander <po@danielnylander.se>\n"
"Language-Team: Swedish <tp-sv@listor.tp-sv.se>\n"
@@ -23,28 +23,33 @@ msgstr "Du måste logga in först."
msgid "Preferences saved."
msgstr "Inställningar sparades."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "diskussion"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "skapar %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "redigerar %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Du är bannlyst."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""
diff --git a/po/vi.po b/po/vi.po
index 3f8741522..e69a161ef 100644
--- a/po/vi.po
+++ b/po/vi.po
@@ -6,7 +6,7 @@ msgid ""
msgstr ""
"Project-Id-Version: ikiwiki\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2007-02-08 14:47-0500\n"
+"POT-Creation-Date: 2007-02-10 15:26-0500\n"
"PO-Revision-Date: 2007-01-13 15:31+1030\n"
"Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
"Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"
@@ -24,28 +24,33 @@ msgstr "Trước tiên bạn cần phải đăng nhập."
msgid "Preferences saved."
msgstr "Tùy thích đã được lưu."
-#: ../IkiWiki/CGI.pm:412 ../IkiWiki/Plugin/brokenlinks.pm:24
+#: ../IkiWiki/CGI.pm:327
+#, perl-format
+msgid "%s is not an editable page"
+msgstr ""
+
+#: ../IkiWiki/CGI.pm:415 ../IkiWiki/Plugin/brokenlinks.pm:24
#: ../IkiWiki/Plugin/inline.pm:164 ../IkiWiki/Plugin/opendiscussion.pm:17
#: ../IkiWiki/Plugin/orphans.pm:28 ../IkiWiki/Render.pm:97
#: ../IkiWiki/Render.pm:165
msgid "discussion"
msgstr "thảo luận"
-#: ../IkiWiki/CGI.pm:457
+#: ../IkiWiki/CGI.pm:460
#, perl-format
msgid "creating %s"
msgstr "đang tạo %s"
-#: ../IkiWiki/CGI.pm:474 ../IkiWiki/CGI.pm:517
+#: ../IkiWiki/CGI.pm:477 ../IkiWiki/CGI.pm:520
#, perl-format
msgid "editing %s"
msgstr "đang sửa %s"
-#: ../IkiWiki/CGI.pm:625
+#: ../IkiWiki/CGI.pm:628
msgid "You are banned."
msgstr "Bạn bị cấm ra."
-#: ../IkiWiki/CGI.pm:657
+#: ../IkiWiki/CGI.pm:660
msgid "login failed, perhaps you need to turn on cookies?"
msgstr ""