[Phoenix-pm] Bill's Security Question

Douglas E. Miles doug at veritablesoftware.com
Fri Sep 3 18:19:12 PDT 2010


Bill,

Unless I misunderstood what you were saying last night, you actually
can't do anything nasty through the wiki page naming mechanism. I just
created a page named 'rm -rf *' and it happily created a page with that
name with no ill effects. Also I should mention that the path
normalization code prevents you from going above the specified root
directory. Sorry I didn't think this through last night, but we got some
good humor out of it anyway. :)
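
Added example, not part of the original message and not the wiki's own code: a Python sketch of the two properties described above, a page name that only ever reaches file APIs (so 'rm -rf *' is just a file name) and path normalization that refuses to leave the root directory. The one-file-per-page layout, the `.txt` suffix, and the names `page_path`, `save_page` and `demo` are assumptions made for illustration.

```python
import os
import tempfile

class PageNameError(ValueError):
    """Raised when a page name would resolve outside the wiki root."""

def page_path(root, page_name):
    """Map a wiki page name to a file path that stays under root.

    Assumption: one file per page, and '/' in a name means a sub-page.
    """
    if not page_name or "\x00" in page_name:
        raise PageNameError("empty name or NUL byte")
    root_real = os.path.realpath(root)
    # realpath collapses '.', '..' and symlinks BEFORE the containment check,
    # so the comparison is made on the path the OS would actually open.
    candidate = os.path.realpath(os.path.join(root_real, page_name + ".txt"))
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PageNameError("page name escapes wiki root: %r" % page_name)
    return candidate

def save_page(root, page_name, text):
    """Write a page with file APIs only; the name is never passed to a shell."""
    path = page_path(root, page_name)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    return path

# Constructed sample page names: two ordinary, one that normalizes back
# inside the root, and two that would land outside it.
SAMPLE_NAMES = ["rm -rf *", "Projects/Notes", "a/../b",
                "../outside", "/absolute/name"]

def demo():
    """Save each sample name under a temp root; return name -> outcome."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        for name in SAMPLE_NAMES:
            try:
                path = save_page(root, name, "body")
                results[name] = os.path.relpath(path, os.path.realpath(root))
            except PageNameError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print("%-18r -> %s" % (name, outcome))
```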

