aboutsummaryrefslogtreecommitdiff
path: root/doc/security.mdwn
Commit message (Collapse)AuthorAge
* note fix versionsJoey Hess2008-11-12
|
* check for invalid utf-8, and toss it back to avoid crashesJoey Hess2008-11-12
| | | | | | | | | | | | | | | | | | | | | | Since ikiwiki uses open :utf8, perl assumes that files contain valid utf-8. If it turns out to be malformed it may later crash while processing strings read from them, with 'Malformed UTF-8 character (fatal)'. As at least a quick fix, use utf8::valid as soon as data is read, and if it's not valid, call encode_utf8 on the string, thus clearing the utf-8 flag. This may cause follow-on encoding problems, but will avoid this crash, and the input file was broken anyway, so GIGO is a reasonable response. (I looked at calling decode_utf8 after, but it seemed to cause more trouble than it was worth. BTW, use open ':encoding(utf8)' avaoids this problem, but the corrupted data later causes Storable to crash when writing the index.) This is a quick fix, clearly imperfect: - It might be better to explicitly call decode_utf8 when reading files, rather than using the IO layer. - Data read other than by readfile() can still sneak in bad utf-8. While ikiwiki does very little file input not using it, stdin for the CGI would be one way.
* remove ikiwiki.setupJoey Hess2008-07-26
| | | | | | To generate your own, use ikiwiki -dumpsetup ikiwiki.setup Update docs.
* Migrate everything else via prefix_directivesSimon McVittie2008-07-21
| | | | | | This is a partial commit of: egrep -rl '\[\[[a-z]+ ' doc | xargs --max-args 1 ./ikiwiki-transition prefix_directives
* updateJoey Hess2008-07-02
|
* cve idJoey Hess2008-05-31
|
* fix linkJoey Hess2008-05-30
|
* more on the security holeJoey Hess2008-05-30
|
* documentation for use of hashed passwordsJoey Hess2008-05-29
| | | | Everything but the actual coding to support them.
* add CVE linkJoey Hess2008-04-20
|
* releasing version 2.42Joey Hess2008-04-10
|
* Fix CSRF attacks against the preferences and edit forms. Closes: #475445Joey Hess2008-04-10
| | | | | | | | | | | | | | | | | | | | | | | | | The fix involved embedding the session id in the forms, and not allowing the forms to be submitted if the embedded id does not match the session id. In the case of the preferences form, if the session id is not embedded, then the CGI parameters are cleared. This avoids a secondary attack where the link to the preferences form prefills password or other fields, and the user hits "submit" without noticing these prefilled values. In the case of the editpage form, the anonok plugin can allow anyone to edit, and so I chose not to guard against CSRF attacks against users who are not logged in. Otherwise, it also embeds the session id and checks it. For page editing, I assume that the user will notice if content or commit message is changed because of CGI parameters, and won't blndly hit save page. So I didn't block those CGI paramters. (It's even possible to use those CGI parameters, for good, not for evil, I guess..) The only other CSRF attack I can think of in ikiwiki involves the poll plugin. It's certianly possible to set up a link that causes the user to unknowingly vote in a poll. However, the poll plugin is not intended to be used for things that people would want to attack, since anyone can after all edit the poll page and fill in any values they like. So this "attack" is ignorable.
* fix what I think is a typoJoey Hess2008-04-10
|
* add CVE idsJoey Hess2008-02-20
|
* some updates about the recent holeJoey Hess2008-02-10
|
* a few thoughts on data: securityJoey Hess2008-02-10
|
* document security fixJoey Hess2008-02-10
| | | | | The backported fix for stable is tagged and waiting for the security team to upload.
* typoJoey Hess2007-12-22
|
* moreJoey Hess2007-11-27
|
* remove svn-ismsJoey Hess2007-11-27
|
* add some documentation about how to safely allow multiple committers to anJoey Hess2007-11-27
| | | | ikiwiki git repository
* releasing version 2.14Joey Hess2007-11-26
|
* * Fix a security hole that allowed insertion of unsafe content via the metajoey2007-03-21
| | | | | | | | | | plugins's support for inserting html link and meta tags. Now such content is passed through the htmlscrubber like everything else. * Unfortunatly, that means that some valid uses of those tags are no longer usable, and special case methods needed to be added for including stylesheets, and for doing openid delegation. If you use either of these in your wiki, it will need to be modified. See the meta plugin docs for details.
* * Fix a few bugs around page titles containing html. The worst of thesejoey2007-03-21
| | | | | is an actual security hole as it allows insertion of html into the title element of a page, which is not processed by the htmlscrubber.
* document recent security holejoey2007-02-14
|
* web commit by JeremyReed: typo fixjoey2006-12-27
|
* web commit by http://id.kurokatta.org/david: Copyedit.joey2006-11-21
|
* some notes about the security (or lack thereof) of pluginsjoey2006-10-22
|
* * Add toc (table of contents) plugin.joey2006-08-28
|
* updatejoey2006-08-28
|
* * Patch from James Westby to add a --sslcookie switch, which forcesjoey2006-08-27
| | | | | | | cookies to only be sent over ssl connections to avoid interception. * Factor out the cgi header printing code into a new function. * Fix preferences page on anonok wikis; still need to sign in to get to the preferences page.
* * Allow preprocessor directives to contain python-like triple-quotedjoey2006-08-23
| | | | | | | text blocks, for easy nesting of quotes inside. * Add a template plugin. * Use the template plugin to add infoboxes to each plugin page listing basic info about the plugin.
* updatejoey2006-08-18
|
* misc changesjoey2006-08-05
|
* releasing version 1.13joey2006-08-02
|
* security notejoey2006-07-30
|
* web commit by ThomasSchwinge: Typo fixes.www-data2006-07-02
|
* web commit by joeywww-data2006-07-02
|
* * Parse svn log as xml for improved utf8 and security. Note that this makesjoey2006-07-02
| | | | ikiwiki depend on XML::Simple. Patch by Faidon Liambotis.
* * More security review.joey2006-06-01
|
* typojoey2006-05-26
|
* * Removed --sanitize and --no-sanitize, replaced with --plugin htmlscrubberjoey2006-05-05
| | | | and --disable-plugin htmlscrubber.
* * Added plugin system, currently only supporting for PreProcessorDirectives.joey2006-05-02
| | | | | | | | | | | * Added a pagecount plugin, enabled by default. * Support PreProcessorDirectives with no parameters, ie "[[pagecount ]]". * Fixed/optimised backlinks code, to avoid rebuilding pages to update backlinks when the backlinks hadn't really changed. * Moved inline page support, rss generation etc into the inline plugin, enabled by default. * Added brokenlinks plugin, not enabled by default, but rather handy. * Fix several broken links in the doc wiki.
* web commit by joeywww-data2006-04-25
|
* web commit by joeywww-data2006-04-25
|
* security updatejoey2006-04-25
|
* web commit by joeywww-data2006-04-25
|
* web commit by joeywww-data2006-04-25
|
* web commit by joeywww-data2006-04-25
|
* implemented html sanitisationjoey2006-04-25
|