author Joey Hess <joey@kitenet.net> 2011-01-22 10:15:33 -0400
committer Joey Hess <joey@kitenet.net> 2011-01-22 10:15:33 -0400
commit dcfeaaad5b6ac478251e37be777de40da4d0909c
tree a0868ee12139cb9e2a53fee94a9fef0de90ad01c /debian
parent 5d3998555ffbeb1c20b84dd4cdc46c825c07bec8
comments: Fix XSS security hole due to missing validation of page name.
Values have to be checked against wiki_file_regexp, not just file_pruned. Audited the rest of the code base for similar problems, found none.
Diffstat (limited to 'debian')
-rw-r--r-- debian/changelog 1
1 files changed, 1 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 36e4a9576..0165a240b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,7 @@ ikiwiki (3.20110106) UNRELEASED; urgency=low
to feed links. (Giuseppe Bilotta)
* inline: Use class rather than id for feedlinks and blogform.
(Giuseppe Bilotta)
+ * comments: Fix XSS security hole due to missing validation of page name.
-- Joey Hess <joeyh@debian.org> Thu, 06 Jan 2011 14:41:34 -0400
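Review bot: The added `+` entry records a security fix, but the stanza it lands in is still marked `urgency=low` in the hunk header, and the entry carries no bug or advisory reference. Consider raising the urgency for this upload and expanding the entry to say what was tightened, as the commit message does (values checked against wiki_file_regexp, not just file_pruned), so that someone reading only debian/changelog can tell what the fix covers.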