This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests
are now tracked at the issue tracker at Github.
Closed
Fixed
FS#989 Access to subdirectories inc and lib
Security
2006-11-23helfor
The subdirectories inc and lib are not protected by .htaccess and therefore they are browseable by the public.
Maybe this could lead to a security problem if I call one of the files directly providing special and nasty arguments.
Fix: Just protect inc/lib
2006-11-23andi
You're right about the inc directory. For some reason the .htaccess file was not checked in to the darcs repository. This is fixed now,
Everybody who wants to fix this in a existing install should create a .htaccess file in the inc directory with the following contents:
## no access to the inc directory
order allow,deny
deny from all
The lib directory needs to be accessible from the outside because it contains scripts and media files which need to be called directly from the browser.
2006-11-23andi
fixed in devel
2008-08-02jheckmann
There is a section in http://wiki.splitbrain.org/wiki:security about moving /lib out of document root. If that is incorrect, you need to change it, especially since you make a point of sending people to that page for answers about Dokuwiki security.
2008-08-04jheckmann
There is a section in http://wiki.splitbrain.org/wiki:security about moving /lib out of document root. If that is incorrect, you need to change it, especially since you make a point of sending people to that page for answers about Dokuwiki security.