Dokuwiki Security [Bouthors.fr]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> Dokuwiki Security [Bouthors.fr] </title> <meta name="generator" content="DokuWiki"/> <meta name="robots" content="index,follow"/> <meta name="date" content="2011-10-04T22:16:13+0200"/> <meta name="keywords" content="en,en:linux,en:server,en:web,en:wiki"/> <link rel="search" type="application/opensearchdescription+xml" href="/wiki/lib/exe/opensearch.php" title="Bouthors.fr"/> <link rel="start" href="/wiki/"/> <link rel="contents" href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=index" title="Sitemap"/> <link rel="alternate" type="application/rss+xml" title="Recent Changes" href="/wiki/feed.php"/> <link rel="alternate" type="application/rss+xml" title="Current Namespace" href="/wiki/feed.php?mode=list&ns=en:linux:dokuwiki"/> <link rel="alternate" type="text/html" title="Plain HTML" href="/wiki/doku.php?do=export_xhtml&id=en:linux:dokuwiki:secu"/> <link rel="alternate" type="text/plain" title="Wiki Markup" href="/wiki/doku.php?do=export_raw&id=en:linux:dokuwiki:secu"/> <link rel="canonical" href="http://www.bouthors.fr/wiki/doku.php?id=en:linux:dokuwiki:secu"/> <link rel="stylesheet" media="screen" type="text/css" href="/wiki/lib/exe/css.php?t=arctic-mbo&tseed=1358768986"/> <link rel="stylesheet" media="all" type="text/css" href="/wiki/lib/exe/css.php?s=all&t=arctic-mbo&tseed=1358768986"/> <link rel="stylesheet" media="print" type="text/css" href="/wiki/lib/exe/css.php?s=print&t=arctic-mbo&tseed=1358768986"/> <script type="text/javascript"><!--//--><![CDATA[//><!-- var NS='en:linux:dokuwiki';var JSINFO = {"id":"en:linux:dokuwiki:secu","namespace":"en:linux:dokuwiki"}; //--><!]]></script> <script type="text/javascript" charset="utf-8" 
src="/wiki/lib/exe/js.php?tseed=1358768986&lang=en"></script> <script type="text/javascript"><!--//--><![CDATA[//><!-- var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www."); document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E")); //--><!]]></script> <script type="text/javascript"><!--//--><![CDATA[//><!-- var pageTracker = _gat._getTracker("UA-9743093-1"); pageTracker._initData(); pageTracker._trackPageview(); //--><!]]></script> <link rel="shortcut icon" href="/wiki/lib/tpl/arctic-mbo/images/favicon.ico" /> </head> <body> <div id="wrapper"> <div class="dokuwiki"> <div class="stylehead"> <div class="header"> <div class="pagename"> <a href="/wiki/doku.php" name="dokuwiki__top" id="dokuwiki__top" title="start">Bouthors.fr</a> » <a href="/wiki/doku.php?id=en:start" title="en:start">English</a> » <a href="/wiki/doku.php?id=en:linux:start" title="en:linux:start">Linux</a> » <a href="/wiki/doku.php?id=en:linux:dokuwiki" title="en:linux:dokuwiki">DokuWiki</a> » <a href="/wiki/doku.php?id=en:linux:dokuwiki:secu" title="en:linux:dokuwiki:secu">Dokuwiki Security</a> </div> <div class="breadcrumbs"> <span class="bchead">Trace:</span> <span class="bcsep">•</span> <span class="curid"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu" class="breadcrumbs" title="en:linux:dokuwiki:secu">Dokuwiki Security</a></span> </div> </div> </div> <div class="bar" id="bar__top"> <div class="bar-left"> <a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=edit&rev=" class="action source" accesskey="v" rel="nofollow" title="Show pagesource [V]">Show pagesource</a><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=revisions" class="action revs" accesskey="o" rel="nofollow" title="Old revisions [O]">Old revisions</a><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=media" class="action media" rel="nofollow" title="Media Manager">Media Manager</a> </div> <div class="bar-right"> <a 
href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=recent" class="action recent" accesskey="r" rel="nofollow" title="Recent changes [R]">Recent changes</a><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=index" class="action index" accesskey="x" rel="nofollow" title="Sitemap [X]">Sitemap</a><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=login&sectok=fa169dbc339c19c9fe3ce9b0b1d2ef29" class="action login" rel="nofollow" title="Login">Login</a> </div> </div> <div class="left_sidebar"> <form action="/wiki/doku.php" accept-charset="utf-8" class="search" id="dw__search" method="get"><div class="no"><input type="hidden" name="do" value="search" /><input type="text" id="qsearch__in" accesskey="f" name="id" class="edit" title="[F]" /><input type="submit" value="Search" class="button" title="Search" /><div id="qsearch__out" class="ajax_qsearch JSpopup"></div></div></form> <div class="extra_sidebar sidebar_box"> <div class="plugin_translation"><span>Translations of this page:</span> <ul><li><div class="li"><a href="/wiki/doku.php?id=linux:dokuwiki:secu" class="wikilink1 flag" title="Français"><img src="/wiki/lib/plugins/translation/flags/fr.gif" alt="fr" height="11" />fr</a></div></li><li><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu" class="wikilink1 cur flag" title="English"><img src="/wiki/lib/plugins/translation/flags/en.gif" alt="en" height="11" />en</a></div></li></ul></div> </div> <div class="main_sidebar sidebar_box"> <h1 class="sectionedit1"><a name="sb_left_menu" id="sb_left_menu">Menu</a></h1> <div class="level1"> <ul> <li class="level1"><div class="li"> <a href="/wiki/doku.php?id=en:start" class="wikilink1" title="en:start">English</a></div> </li> <li class="level1"><div class="li"> <a href="/wiki/doku.php?id=en:linux:start" class="wikilink1" title="en:linux:start">Linux</a></div> </li> <li class="level1"><div class="li"> <a href="/wiki/doku.php?id=en:desktop:start" class="wikilink1" title="en:desktop:start">Desktop software</a></div> 
</li> </ul> </div> </div> <div class="index_sidebar sidebar_box"> <h1>Index</h1><div id="index__tree"> <ul class="idx"> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=cuisine" class="idx_dir"><strong>cuisine</strong></a></div></li> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=desktop" class="idx_dir"><strong>desktop</strong></a></div></li> <li class="open"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=en" class="idx_dir"><strong>en</strong></a></div> <ul class="idx"> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=en%3Adesktop" class="idx_dir"><strong>desktop</strong></a></div></li> <li class="open"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=en%3Alinux" class="idx_dir"><strong>linux</strong></a></div> <ul class="idx"> <li class="open"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=en%3Alinux%3Adokuwiki" class="idx_dir"><strong>dokuwiki</strong></a></div> <ul class="idx"> <li class="level4"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:install" class="wikilink1" title="en:linux:dokuwiki:install">Dokuwiki Install</a></div></li> <li class="level4"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:ldap" class="wikilink1" title="en:linux:dokuwiki:ldap">LDAP Authentication with Dokuwiki</a></div></li> <li class="level4"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:plugins" class="wikilink1" title="en:linux:dokuwiki:plugins">Dokuwiki Plugins</a></div></li> <li class="level4"><div class="li"><span class="curid"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu" class="wikilink1" title="en:linux:dokuwiki:secu">Dokuwiki Security</a></span></div></li> <li class="level4"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:templates" class="wikilink1" title="en:linux:dokuwiki:templates">Dokuwiki Templates</a></div></li> </ul> 
</li> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=en%3Alinux%3Aserveur_web" class="idx_dir"><strong>serveur_web</strong></a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:crashplan" class="wikilink1" title="en:linux:crashplan">CrashPlan</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:debian" class="wikilink1" title="en:linux:debian">Debian</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:deluge" class="wikilink1" title="en:linux:deluge">Deluge</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:dns" class="wikilink1" title="en:linux:dns">Bind</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki" class="wikilink1" title="en:linux:dokuwiki">DokuWiki</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:dyndns" class="wikilink1" title="en:linux:dyndns">Dyndns</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:exim" class="wikilink1" title="en:linux:exim">Exim 4</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:imapsync" class="wikilink1" title="en:linux:imapsync">Imapsync</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:linux_multimedia" class="wikilink1" title="en:linux:linux_multimedia">Multimédia on Linux</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:mldonkey" class="wikilink1" title="en:linux:mldonkey">MLDonkey</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:mysql" class="wikilink1" title="en:linux:mysql">Mysql</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:ntp" class="wikilink1" title="en:linux:ntp">Ntp</a></div></li> <li class="level3"><div class="li"><a 
href="/wiki/doku.php?id=en:linux:openldap" class="wikilink1" title="en:linux:openldap">OpenLDAP</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:openssl" class="wikilink1" title="en:linux:openssl">OpenSSL</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:phpldapadmin" class="wikilink1" title="en:linux:phpldapadmin">PhpLdapAdmin</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:phpmyadmin" class="wikilink1" title="en:linux:phpmyadmin">PhpMyAdmin</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:phproxy" class="wikilink1" title="en:linux:phproxy">PHProxy</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:serveur_web" class="wikilink1" title="en:linux:serveur_web">Web Server (Apache)</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:start" class="wikilink1" title="en:linux:start">Linux</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:synchro_lftp" class="wikilink1" title="en:linux:synchro_lftp">Synchronization with lftp</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:vi" class="wikilink1" title="en:linux:vi">Vi</a></div></li> <li class="level3"><div class="li"><a href="/wiki/doku.php?id=en:linux:vmware_tools" class="wikilink1" title="en:linux:vmware_tools">VMware tools</a></div></li> </ul> </li> <li class="level2"><div class="li"><a href="/wiki/doku.php?id=en:sidebar" class="wikilink1" title="en:sidebar">Menu</a></div></li> <li class="level2"><div class="li"><a href="/wiki/doku.php?id=en:start" class="wikilink1" title="en:start">English</a></div></li> </ul> </li> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=hc" class="idx_dir"><strong>hc</strong></a></div></li> <li class="closed"><div class="li"><a 
href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=jeux" class="idx_dir"><strong>jeux</strong></a></div></li> <li class="closed"><div class="li"><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&idx=linux" class="idx_dir"><strong>linux</strong></a></div></li> <li class="level1"><div class="li"><a href="/wiki/doku.php?id=links" class="wikilink1" title="links">Liens</a></div></li> <li class="level1"><div class="li"><a href="/wiki/doku.php?id=sidebar" class="wikilink1" title="sidebar">Menu</a></div></li> <li class="level1"><div class="li"><a href="/wiki/doku.php?id=start" class="wikilink1" title="start">www.bouthors.fr</a></div></li> </ul> </div></div> </div> <div class="right_page"> <!-- TOC START --> <div class="toc"> <div class="tocheader toctoggle" id="toc__header">Table of Contents</div> <div id="toc__inside"> <ul class="toc"> <li class="level1"><div class="li"><span class="li"><a href="#dokuwiki_security" class="toc">Dokuwiki Security</a></span></div> <ul class="toc"> <li class="level2"><div class="li"><span class="li"><a href="#create_a_private_section" class="toc">Create a private section</a></span></div></li> <li class="level2"><div class="li"><span class="li"><a href="#secure_the_root" class="toc">Secure the root</a></span></div></li> <li class="level2"><div class="li"><span class="li"><a href="#how_to_completely_hide_unauthorized_pages" class="toc">How to completely hide unauthorized pages</a></span></div> <ul class="toc"> <li class="level3"><div class="li"><span class="li"><a href="#demo" class="toc">Demo</a></span></div></li> <li class="level3"><div class="li"><span class="li"><a href="#patched_demo" class="toc">Patched Demo</a></span></div></li> <li class="level3"><div class="li"><span class="li"><a href="#patchs_for_previous_versions" class="toc">Patchs for previous versions</a></span></div></li> </ul></li> </ul></li> </ul> </div> </div> <!-- TOC END --> <div class="tags"><span> <a href="/wiki/doku.php?id=tag:en&do=showtag&tag=en" class="wikilink1" 
title="tag:en" rel="tag">en</a>, <a href="/wiki/doku.php?id=en:linux&do=showtag&tag=en%3Alinux" class="wikilink1" title="en:linux" rel="tag">linux</a>, <a href="/wiki/doku.php?id=en:server&do=showtag&tag=en%3Aserver" class="wikilink1" title="en:server" rel="tag">server</a>, <a href="/wiki/doku.php?id=en:web&do=showtag&tag=en%3Aweb" class="wikilink1" title="en:web" rel="tag">web</a>, <a href="/wiki/doku.php?id=en:wiki&do=showtag&tag=en%3Awiki" class="wikilink1" title="en:wiki" rel="tag">wiki</a> </span></div> <h1 class="sectionedit2"><a name="dokuwiki_security" id="dokuwiki_security">Dokuwiki Security</a></h1> <div class="level1"> <p> This page explains how to secure the private sections of <a href="/wiki/doku.php?id=en:linux:dokuwiki" class="wikilink1" title="en:linux:dokuwiki">DokuWiki</a>. </p> <p> <img src="/wiki/lib/images/smileys/icon_exclaim.gif" class="middle" alt=":!:" /> Last update for version 2011-05-25a. </p> </div> <h2 class="sectionedit3"><a name="create_a_private_section" id="create_a_private_section">Create a private section</a></h2> <div class="level2"> <p> To protect private information, you can easily restrict access to pages or folders using <acronym title="Access Control List">ACL</acronym> rules: </p> <ul> <li class="level1"><div class="li"> Create the page and/or the folder</div> </li> <li class="level1"><div class="li"> When the page is displayed, click Admin</div> </li> <li class="level1"><div class="li"> Select “Access Control List Management”</div> </li> <li class="level1"><div class="li"> Add the rule:</div> <ul> <li class="level2"><div class="li"> Select the page or folder</div> </li> <li class="level2"><div class="li"> Select group “ALL”</div> </li> <li class="level2"><div class="li"> Select “None”</div> </li> <li class="level2"><div class="li"> Click Save</div> </li> </ul> </li> </ul> <p> This rule disables access to the folder/page, including through search and recent changes. 
</p> <p> Then you can grant limited access to specific users or groups. </p> <p> Please note that the super admin always has full access to all pages. </p> <p> <img src="/wiki/lib/images/smileys/icon_exclaim.gif" class="middle" alt=":!:" /> To make the index reflect the <acronym title="Access Control List">ACL</acronym> rules, you need to enable the general option “sneaky_index”. </p> </div> <h2 class="sectionedit4"><a name="secure_the_root" id="secure_the_root">Secure the root</a></h2> <div class="level2"> <p> The error messages for unauthorized access and for a page that does not exist are different, so anybody can find out whether a page exists. </p> <p> To hide a private namespace completely, you need to deny access to the root “*” and then authorize the public pages and namespaces explicitly. </p> <p> For example: </p> <div class="table sectionedit5"><table class="inline"> <tr class="row0"> <th class="col0 leftalign"> page </th><th class="col1 leftalign"> group </th><th class="col2 leftalign"> rights </th> </tr> <tr class="row1"> <td class="col0 leftalign"> * </td><td class="col1 leftalign"> @ALL </td><td class="col2 leftalign"> None </td> </tr> <tr class="row2"> <td class="col0 leftalign"> start </td><td class="col1 leftalign"> @ALL </td><td class="col2 leftalign"> Read </td> </tr> <tr class="row3"> <td class="col0 leftalign"> sidebar </td><td class="col1 leftalign"> @ALL </td><td class="col2 leftalign"> Read </td> </tr> <tr class="row4"> <td class="col0 leftalign"> linux:* </td><td class="col1 leftalign"> @ALL </td><td class="col2 leftalign"> Read </td> </tr> <tr class="row5"> <td class="col0 leftalign"> en:* </td><td class="col1 leftalign"> @ALL </td><td class="col2 leftalign"> Read </td> </tr> </table></div> </div> <h2 class="sectionedit6"><a name="how_to_completely_hide_unauthorized_pages" id="how_to_completely_hide_unauthorized_pages">How to completely hide unauthorized pages</a></h2> <div class="level2"> <p> ACLs limit access to pages, but do not hide 
them completely.<br/> This section discusses the security issues I found when using private areas; solutions are also provided. </p> <p> The issues are reported on the DokuWiki bug tracker here: <a href="http://bugs.dokuwiki.org/index.php?do=details&task_id=970" class="urlextern" title="http://bugs.dokuwiki.org/index.php?do=details&task_id=970" rel="nofollow">http://bugs.dokuwiki.org/index.php?do=details&task_id=970</a> </p> </div> <h3 class="sectionedit7"><a name="demo" id="demo">Demo</a></h3> <div class="level3"> <p> Demonstration of the issues with a simple wiki: </p> <ul> <li class="level1"><div class="li"> the “start” page has 3 links to 3 pages</div> </li> <li class="level1"><div class="li"> “valid” is an existing and authorized page</div> </li> <li class="level1"><div class="li"> “hidden” is an existing but unauthorized page</div> </li> <li class="level1"><div class="li"> there is no page called “empty”, and “empty” is also unauthorized by the <acronym title="Access Control List">ACL</acronym></div> </li> <li class="level1"><div class="li"> the <acronym title="Access Control List">ACL</acronym> rules are set to deny everything except “start” and “valid”</div> </li> <li class="level1"><div class="li"> “useheading” is on</div> </li> </ul> <p> The screenshots: </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_1_1.png" class="media" title="linux:dokuwiki:doku_secu_1_1.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_1_1.png" class="media" alt="" /></a> </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_1_2.png" class="media" title="linux:dokuwiki:doku_secu_1_2.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_1_2.png" class="media" alt="" /></a> </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_1_3.png" class="media" 
title="linux:dokuwiki:doku_secu_1_3.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_1_3.png" class="media" alt="" /></a> </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_1_4.png" class="media" title="linux:dokuwiki:doku_secu_1_4.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_1_4.png" class="media" alt="" /></a> </p> <p> The issues in detail: </p> <ul> <li class="level1"><div class="li"> Even if the content is blocked, it is still possible to learn its title if “useheading” is enabled.</div> </li> <li class="level1"><div class="li"> The breadcrumbs store visited pages only if they exist, so they reveal whether an unauthorized page exists.</div> </li> <li class="level1"><div class="li"> When a page links to other pages, the links can indicate whether the target page exists.<br/> </div> </li> </ul> <p> Moreover, if “useheading” is on, the title of the linked page is also displayed. </p> <p> <img src="/wiki/lib/images/smileys/icon_exclaim.gif" class="middle" alt=":!:" /> Warning: generated pages are cached, so a user can see a link as an authorized user would if the cached content was generated for an authorized user.<br/> To avoid this, don't link to private areas from public pages, or use the NOCACHE directive (<code>~~NOCACHE~~</code>). 
</p> <p> Patch: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki_2011-05-25_secu1.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki_2011-05-25_secu1.patch">dokuwiki_2011-05-25_secu1.patch</a> </p> <p> Before applying it, you can check that it applies cleanly to your installation by running the same command with <code>--dry-run</code>. </p> <pre class="code">:/opt/dokuwiki/inc# patch -p 1 < /root/dokuwiki_2011-05-25_secu1.patch
patching file common.php
patching file parser/xhtml.php
:/opt/dokuwiki/inc#</pre> </div> <h3 class="sectionedit8"><a name="patched_demo" id="patched_demo">Patched Demo</a></h3> <div class="level3"> <p> Once DokuWiki is patched, the demo wiki looks like this: </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_2_1.png" class="media" title="linux:dokuwiki:doku_secu_2_1.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_2_1.png" class="media" alt="" /></a> </p> <p> <a href="/wiki/lib/exe/detail.php?id=en%3Alinux%3Adokuwiki%3Asecu&media=linux:dokuwiki:doku_secu_2_2.png" class="media" title="linux:dokuwiki:doku_secu_2_2.png"><img src="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_secu_2_2.png" class="media" alt="" /></a> </p> </div> <h3 class="sectionedit9"><a name="patchs_for_previous_versions" id="patchs_for_previous_versions">Patches for previous versions</a></h3> <div class="level3"> </div> <h4><a name="section20080505" id="section20080505">2008-05-05</a></h4> <div class="level4"> <p> Patch for version 2008-05-05: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:doku_hide-2008-05-05.patch" class="media mediafile mf_patch" title="linux:dokuwiki:doku_hide-2008-05-05.patch">doku_hide-2008-05-05.patch</a> </p> <pre class="code">wiki:/opt/wiki# patch -p 1 < /root/doku_hide.patch
patching file inc/common.php
patching file inc/parser/xhtml.php
patching file inc/parserutils.php
patching file inc/template.php
wiki:/opt/wiki#</pre> </div> <h4><a name="section20090214" id="section20090214">2009-02-14</a></h4> <div class="level4"> <p> Patch for version 2009-02-14: <a 
href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki-2009-02-14_security.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki-2009-02-14_security.patch">dokuwiki-2009-02-14_security.patch</a> </p> <pre class="code">wiki:/opt/wiki/inc# patch -p 1 < /root/doku_hide.patch
patching file common.php
patching file parser/xhtml.php
patching file parserutils.php
patching file template.php
wiki:/opt/wiki/inc#</pre> </div> <h4><a name="section20101107" id="section20101107">2010-11-07</a></h4> <div class="level4"> <p> Patches for version 2010-11-07. </p> </div> <h5><a name="displaying_the_title_of_hidden_pages" id="displaying_the_title_of_hidden_pages">Displaying the title of hidden pages</a></h5> <div class="level5"> <p> Even if the content is blocked, it is still possible to learn its title if “useheading” is enabled. </p> <p> Patch: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki-2010-11-07_secu1.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki-2010-11-07_secu1.patch">dokuwiki-2010-11-07_secu1.patch</a> </p> <pre class="code">:/opt/dokuwiki/inc# patch -p 1 < /root/dokuwiki-2010-11-07_secu1.patch
patching file parserutils.php
:/opt/dokuwiki/inc#</pre> </div> <h5><a name="the_style_used_inside_youarehere_indicate_if_the_page_exists" id="the_style_used_inside_youarehere_indicate_if_the_page_exists">The style used inside youarehere indicates whether the page exists</a></h5> <div class="level5"> <p> It is possible to tell whether the page exists by looking at the style used inside “youarehere” (this text is used as the upper-left title of my template). 
</p> <p> Patch: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki-2010-11-07_secu2.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki-2010-11-07_secu2.patch">dokuwiki-2010-11-07_secu2.patch</a> </p> <pre class="code">:/opt/dokuwiki/inc# patch -p 1 < /root/dokuwiki-2010-11-07_secu2.patch
patching file template.php
:/opt/dokuwiki/inc#</pre> </div> <h5><a name="the_breadcrumb_indicate_if_the_page_exists" id="the_breadcrumb_indicate_if_the_page_exists">The breadcrumbs indicate whether the page exists</a></h5> <div class="level5"> <p> The breadcrumbs store visited pages only if they exist. </p> <p> Patch: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki-2010-11-07_secu3.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki-2010-11-07_secu3.patch">dokuwiki-2010-11-07_secu3.patch</a> </p> <pre class="code">:/opt/dokuwiki/inc# patch -p 1 < /root/dokuwiki-2010-11-07_secu3.patch
patching file common.php
:/opt/dokuwiki/inc#</pre> </div> <h5><a name="the_links_inside_the_content_show_if_the_page_exists_and_its_title" id="the_links_inside_the_content_show_if_the_page_exists_and_its_title">The links inside the content show whether the page exists and its title</a></h5> <div class="level5"> <p> When a page links to other pages, the links can indicate whether the target page exists.<br/> Moreover, if “useheading” is on, the title of the linked page is also displayed. 
</p> <p> Patch: <a href="/wiki/lib/exe/fetch.php?media=linux:dokuwiki:dokuwiki-2010-11-07_secu4.patch" class="media mediafile mf_patch" title="linux:dokuwiki:dokuwiki-2010-11-07_secu4.patch">dokuwiki-2010-11-07_secu4.patch</a> </p> <pre class="code">:/opt/dokuwiki/inc# patch -p 1 < /root/dokuwiki-2010-11-07_secu4.patch
patching file parser/xhtml.php
:/opt/dokuwiki/inc#</pre> <p> <img src="/wiki/lib/images/smileys/icon_exclaim.gif" class="middle" alt=":!:" /> Warning: generated pages are cached, so a user can see a link as an authorized user would if the cached content was generated for an authorized user.<br/> To avoid this, don't link to private areas from public pages, or use the NOCACHE directive (<code>~~NOCACHE~~</code>). </p> </div> </div> <div class="stylefoot"> <div class="meta"> <div class="user"> </div> <div class="doc"> en/linux/dokuwiki/secu.txt · Last modified: 2011/10/04 22:16 by matthieu </div> </div> </div> <div class="clearer"></div> <div class="bar" id="bar__bottom"> <div class="bar-left"> <a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=edit&rev=" class="action source" accesskey="v" rel="nofollow" title="Show pagesource [V]">Show pagesource</a><a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=revisions" class="action revs" accesskey="o" rel="nofollow" title="Old revisions [O]">Old revisions</a> </div> <div class="bar-right"> <a href="/wiki/doku.php?id=en:linux:dokuwiki:secu&do=backlink" class="action backlink" rel="nofollow" title="Backlinks">Backlinks</a><a href="#dokuwiki__top" class="action top" accesskey="x" rel="nofollow" title="Back to top [X]">Back to top</a> </div> </div> <div class="clearer"></div> <div class="footerinc"> <a href="/wiki/feed.php" title="Recent changes RSS feed"><img src="/wiki/lib/tpl/arctic-mbo/images/button-rss.png" width="80" height="15" alt="Recent changes RSS feed" /></a> <a href="http://creativecommons.org/licenses/by-sa/3.0/" rel="license" title="CC Attribution-Share Alike 3.0 Unported"><img 
src="/wiki/lib/images/license/button/cc-by-sa.png" width="80" height="15" alt="" /></a> <a target="_blank" href="http://www.debian.org" title="Debian"><img src="/wiki/lib/tpl/arctic-mbo/images/button-debian.png" width="80" height="15" alt="Debian" border="0" /></a> <a href="http://www.php.net" title="Powered by PHP"><img src="/wiki/lib/tpl/arctic-mbo/images/button-php.gif" width="80" height="15" alt="Powered by PHP" /></a> <a href="http://validator.w3.org/check/referer" title="Valid XHTML 1.0"><img src="/wiki/lib/tpl/arctic-mbo/images/button-xhtml.png" width="80" height="15" alt="Valid XHTML 1.0" /></a> <a href="http://jigsaw.w3.org/css-validator/check/referer?profile=css3" title="Valid CSS"><img src="/wiki/lib/tpl/arctic-mbo/images/button-css.png" width="80" height="15" alt="Valid CSS" /></a> <a href="http://dokuwiki.org/" title="Driven by DokuWiki"><img src="/wiki/lib/tpl/arctic-mbo/images/button-dw.png" width="80" height="15" alt="Driven by DokuWiki" /></a> </div> </div> </div> <div class="no"><img src="/wiki/lib/exe/indexer.php?id=en%3Alinux%3Adokuwiki%3Asecu&1743044874" width="2" height="1" alt="" /></div> </body> </html>