Security problem in DokuWiki
Fix your installs immediately!
andi (Administrator) #1
User title: splitbrain
Member since May 2006 · 3411 posts · Location: Berlin Germany
Group memberships: Administrators, Members
Subject: Security problem in DokuWiki
Hello everybody!

Bad news: Stefan Esser from the Hardened-PHP project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code. This is a serious flaw and you should fix this immediately.

Users who don't use the spellchecking feature can fix the bug by simply deleting the lib/exe/spellcheck.php file.

Detailed information on how to fix the problem properly is available at
http://bugs.splitbrain.org/?do=details&id=823

The package available for download at http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820

Regards,
Andi
Read this if you don't get any useful answers.
koko #2
Member since May 2006 · 161 posts · Location: Zonhoven Belgium
Group memberships: Members
hi Andi,

How about the dev-version? Is a patch available?
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.
andi (Administrator) #3
Yes, of course. All problems are fixed in the devel version first and are then backported to the latest stable release if needed. Just use darcs to fix your devel version.
koko #4
hi,

I saw it this morning. I was just way too fast with my question ;-)

PS Did you get my email? I have to skin 3 wikis the same way, so if you have a good way to fix the problems...