On Sun, May 9, 2010 at 6:45 PM, Petko Yotov <5...@free.fr> wrote: > On Sunday 09 May 2010 23:33:20, ki...@kirpi.it wrote : > > Just found: http://twitter.com/mushy99/statuses/13634155996 > > Is it of any interest? > > > > Indeed, that's a way to insert potentially harmful JavaScripts in the page. > I > have immediately fixed it and just released version 2.2.16. >
Did that vulnerability exist in all previous versions of PmWiki? Am I right in thinking that it would not be a problem, in practice, in a wiki that was 'locked down' for editing by only a trusted few -- i.e. that one must have edit access to at least one page of the site in order to insert the malicious code? Thanks, as always, for everything you do! Tegan
_______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
