Hello, on the page of the dir plugin:
http://www.dokuwiki.org/plugin:dir
.. it is stated:
"XSS vulnerability allows arbitrary JavaScript insertion. Author informed on 2009-06-16."
Now this is a good half year ago.
How severe is this vulnerability?
Are there so few people who use it?
Is it so difficult to fix?
My application is a simple table-of-contents for a kind of blog, i.e. a list of all pages in a namespace; I first believed the 'blog' plugin provided this list, but it includes the complete content of any page in the namespace.
Update: I tried the nspages plugin, this does the job but it does not show tags nor Author or date.
So my request would be a pagelist-plugin (Page, Date, Author) that displays the namespaces pages.
Any Hints?