From: Michael Davey <Michael.Davey@CodeRage.ORG> - 2005-01-29 16:35:01
Robin Lee Powell wrote:
>My SandBox keeps getting defaced, but I thought this was impossible.
>Is there something I can do to fix this?
Which version of Tiki are you using? I've just checked in CVS and it
looks to me like 1.8.x has always permitted the sandbox to be saved.
1.9 has a check in templates/tiki-editpage.tpl to not offer a save
button but checks for specific capitalization and unfortunately the menu
item has recently changed from tiki-editpage.php?page=SandBox to
tiki-editpage.php?page=sandbox. Really this check should be case
insensitive as wiki page names in Tiki are case insensitive.
Furthermore, there is a minor security hole in Tiki that makes it
possible to deface the sandbox even if the above were fixed. I have
sent an email to the security list with the details.