• Do not register here on develop.twiki.org, login with your twiki.org account.
• Use View topic Item7848 for generic doc work for TWiki-6.1.1. Use View topic Item7851 for doc work on extensions that are not part of a release. More... Close
• Anything you create or change in standard webs (Main, TWiki, Sandbox etc) will be automatically reverted on every SVN update.
Does this site look broken?. Use the LitterTray web for test cases.

Input from Ben Wheeler

The rewrite rule should be

   RewriteEngine on
   RewriteCond %{REQUEST_URI} !^/+twiki/+pub/+TWiki/+.+
   RewriteRule ^/+twiki/+pub/+([^/]+)/+((([^/]+)/+)+)(.+) /twiki/bin/viewfile/$1/$4?filename=$5 [L,PT]

to protect also when a person uses // and /../ etc

And also for protecting subwebs

I am actioning. Also on t.o.

-- KJL

Done

I edited TWiki:TWiki.TWikiAccessControl, TWiki04:TWiki.TWikiAccessControl, and TWiki:Codev.KnownIssuesOfTWiki04x00x00

I added the wrong Item number on SVN11203. I have added the ref here and removed it from the other bug report.

Ready for release. And in the bucket for Hotfix 3

-- KJL

ItemTemplate
Summary TWikiAccessControl topic does not describe a safe protection with viewfile
ReportedBy TWiki:Main.KennethLavrsen
Codebase 4.0.0, 4.0.2, 4.0.4, ~twiki4, 4.0.1, 4.0.3
SVN Range TWiki-4.1-beta1, Mon, 24 Jul 2006, build 11161
AppliesTo Engine
Component

Priority Urgent
CurrentState Closed
WaitingFor

Checkins 11201 11202 11203
TargetRelease patch
Edit | Attach | Watch | Print version | History: r7 < r6 < r5 < r4 < r3 | Backlinks | Raw View |  Raw edit | More topic actions
Topic revision: r7 - 2006-11-14 - KennethLavrsen
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2024 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback