improve fix for symlink attacks to check subdirectories for symlinks too

before writing
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-03-29 18:50:36 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2006-03-29 18:50:36 +0000
commit: efe91335c65b96f3eb8b32d8c58c9cce68db47b4 (patch)
tree: 252c7b1a8af828b09e34c4d549975b71ca41831d /doc
parent: 2a16e15122574cca9c5b52ccfc46a022a71e25dc (diff)
download: ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar
ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn
index 0f8861d0d..3743adea1 100644
--- a/doc/security.mdwn
+++ b/doc/security.mdwn
@@ -161,7 +161,8 @@ page from the web, which follows the symlink when reading the page, and
 again when saving the changed page.
 
 This was fixed by making ikiwiki refuse to read or write to files that are
-symlinks, combined with the above locking.
+symlinks, or that are in subdirectories that are symlinks, combined with
+the above locking.
 
 ## underlaydir override attacks
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-03-29 18:50:36 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2006-03-29 18:50:36 +0000
commit	efe91335c65b96f3eb8b32d8c58c9cce68db47b4 (patch)
tree	252c7b1a8af828b09e34c4d549975b71ca41831d /doc
parent	2a16e15122574cca9c5b52ccfc46a022a71e25dc (diff)
download	ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar ikiwiki-efe91335c65b96f3eb8b32d8c58c9cce68db47b4.tar.gz