On Saturday 07 March 2009 23.13.57 Christian Ridderström wrote: > Hi, > > For the benefit of the LyX project, I and Bo are looking at using > sourceforge to run the LyX wiki (well, actually the web site). > > At sourceforge, we have to store the wiki pages under a 'persistent' > directory. Now, while setting up a test site, I checked and noticed the > following unfortunate behaviour. > > * It's possible for one project, 'A', to run a PHP-script that can > write to the persistent directory of project 'B'. > > Ooops. >
Omg. I'm surprised, SourceForge should know better. ;-( I suggest that you report this to someone at SF.net ASAP. > Does anyone know of a workaround for this? > I don't. > Is using MySql for storing the pages the a solution? Will that be safe? > Probably not, as you would have to store the MySQL password somewhere. If you stored the password in a PHP script or a .htaccess, the other project could probably read it through a script and save it in that project. > /Christian /Olle Bergkvist _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
