aboutsummaryrefslogtreecommitdiff
path: root/doc/todo/enable-htaccess-files.mdwn
blob: accd96bd72f149ba9142cfbb184494311e2fc3fb (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
    Index: IkiWiki.pm
    ===================================================================
    --- IkiWiki.pm  (revision 2981)
    +++ IkiWiki.pm  (working copy)
    @@ -26,7 +26,7 @@
     memoize("file_pruned");
     
     sub defaultconfig () { #{{{
    -       wiki_file_prune_regexps => [qr/\.\./, qr/^\./, qr/\/\./,
    +       wiki_file_prune_regexps => [qr/\.\./, qr/^\.(?!htaccess)/, qr/\/\.(?!htaccess)/,
                    qr/\.x?html?$/, qr/\.ikiwiki-new$/,
                    qr/(^|\/).svn\//, qr/.arch-ids\//, qr/{arch}\//],
           wiki_link_regexp => qr/\[\[(?:([^\]\|]+)\|)?([^\s\]#]+)(?:#([^\s\]]+))?\]\]/,

[[tag patch]]

This lets the site administrator have a `.htaccess` file in their underlay
directory, say, then get it copied over when the wiki is built. Without
this, installations that are located at the root of a domain don't get the
benefit of `.htaccess` such as improved directory listings, IP blocking,
URL rewriting, authorisation, etc. 

> I'm concerned about security ramifications of this patch. While ikiwiki
> won't allow editing such a .htaccess file in the web interface, it would
> be possible for a user who has svn commit access to the wiki to use it to
> add a .htaccess file that does $EVIL.
> 
> Perhaps this should be something that is configurable via the setup file
> instead. --[[Joey]]