Re: [Phpwiki-talk] Missing access checks in CreatePage and AppendText plugins

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Christof,

Thank you for your patches.
I have published them in Subversion.

Best regards,

Marc-Etienne

--
Marc-Etienne Vargenau mar...@no...<mailto:mar...@no...>
Nokia, 12, rue Jean-Bart, 91300 Massy, FRANCE
Mobile: +33 6 24 49 78 68<tel:+33624497868>
Senior Specialist Open Source
Planned absence: 4-22 August

De : Christof Meerwald via Phpwiki-talk <php...@li...>
Date : mardi, 29 juillet 2025 à 23:24
À : Phpwiki-talk <php...@li...>
Cc : Christof Meerwald <cm...@cm...>
Objet : Re: [Phpwiki-talk] Missing access checks in CreatePage and AppendText plugins

CAUTION: This is an external email. Please be very careful when clicking links or opening attachments. See the URL nok.it/ext for additional information.

On Tue, Jul 29, 2025 at 11:04:24PM +0200, Christof Meerwald wrote:
> Noticed that the CreatePage and AppendText plugins let unauthenticated
> users create pages or let them append text to pages, e.g.

Actually, WikiAdminDeleteAcl is also missing an access check, patch
attached.

Christof

--
https://eur03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcmeerw.org%2F&data=05%7C02%7Cmarc-etienne.vargenau%40nokia.com%7C4e796218c09f47fe61f408ddcee6362f%7C5d4717519675428d917b70f44f9630b0%7C0%7C0%7C638894210508983458%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=w%2B9pGigz7tN%2BhTJYA2nrg%2FgQ34nH6B59h0smjnzcheg%3D&reserved=0<https://cmeerw.org/>                             sip:cmeerw at cmeerw.org
mailto:cmeerw at cmeerw.org                   xmpp:cmeerw at cmeerw.org