[Moin-user] Excluding twikidraw and anywikidraw
Kai Jaeger
kai at aplteam.com
Sat Dec 29 10:26:25 EST 2012
??
I haven't changed anything since I wrote the mail, and it still works for me.
I am gastly flubbered ;)
On Sat, Dec 29, 2012 at 3:09 PM, Thomas Waldmann <tw at waldmann-edv.de> wrote:
> On Sat, 2012-12-29 at 08:56 +0000, Kai Jaeger wrote:
>> I've done exactly what was suggested to fix the security issue:
>>
>> actions_excluded = ['newaccount', 'RenderAsDocbook', 'SyncPages',
>> 'xmlrpc', 'PackagePages', 'Raw Text', 'twikidraw', 'anywikidraw', ]
>>
>> but the page is rendered without an error message, see the bottom of this page
>>
>> http://sandbox.aplwiki.com/TestPage1
>
> I get "unknown action twikidraw" now, so it looks like you found why it
> did not work.
>
> You may want to read SecurityFixes again, there were more changes
> recently.
>
More information about the Moin-user
mailing list