author intrigeri <intrigeri@boum.org> 2016-12-17 11:11:44 +0000
committer intrigeri <intrigeri@boum.org> 2016-12-17 11:11:44 +0000
commit 706bf876eab25158d34558fc2b0b0979a3dedcbf
tree 7b2a6bd847f6140c0a073030ec4f7eaf196f8819 /doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
parent bd46db3fb93eaf8c7644704ade0069e84f244e0b
Report authorization bypass via RCS revert.
Diffstat (limited to 'doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn')
-rw-r--r-- doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn 14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
new file mode 100644
index 000000000..8ac62e554
--- /dev/null
+++ b/doc/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed.mdwn
@@ -0,0 +1,14 @@
+1. We have a `$srcdir/writable/page.mdwn` source file in Git.
+2. ikiwiki is configured to allow edits via the CGI in `writable/*`,
+ but nowhere else.
+2. Modify `$srcdir/writable/page.mdwn`, commit ⇒ commit `$id`.
+3. `git mv $srcdir/writable/page.mdwn $srcdir/read-only/page.mdwn`
+
+⇒ The web interface allows reverting commit `$id` (presumably because
+it changes files only in `$srcdir/writable`). This operation
+effectively modifies `$srcdir/read-only/page.mdwn`, which feels wrong.
+My guess is that `check_canchange` does not take into account that Git
+will automatically detect that the file affected by the to-be-reverted
+commit has moved, and modify the file in its new location
+when reverting.
+
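Review bot: the numbered steps use `2.` twice (both the "ikiwiki is configured to allow edits" item and the "Modify ... commit" item), so the `git mv` step is `3.` in the source but renders as step 4. Renumber the list 1 to 4 so follow-up discussion can cite steps unambiguously. The conclusion states the observed result ("feels wrong") without stating the expected one. It would help to say explicitly that the revert of `$id` should be refused because its effect lands on `$srcdir/read-only/page.mdwn`, outside the paths the CGI may edit. The `check_canchange` explanation is marked as a guess, so a short note on whether it was confirmed against the code, and on which ikiwiki and Git versions the steps were reproduced, would make the report easier to triage. The trailing empty added line at the end of the file can be dropped.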