Menu
▾
▴
Re: [Phpwiki-talk] Something very weird has happened to my Wiki
|
From: Steven M. <st...@mu...> - 2002-01-12 01:32:09
|
Thanks for the help Jeff and Lawrence. At 11:59 11/01/02 -0800, you wrote: >On Fri, 11 Jan 2002 19:33:25 -0000 >"Lawrence Akka" <Law...@th...> wrote: > > > Actually, Jeff, if you delete HomePage, all the Virgin pages are >reloaded > >Aha! Yes, of course. I think Lawrence has got it :-) Someone (16-181.E.dial.o-tel-o.net/212.144.16.181) deleted the contents of HomePage and saved the changes. It then seems that if HomePage is either empty or not present (I'm not even sure if there is a distinction between these two), then all the original files are loaded from pgsrc. When I was upgrading from 1.2 to 1.3, I had problems importing serialised files, so instead I overwrote the files in pgsrc which were either new, or updated from the 1.2 base package. Then when I first started PhpWiki the files were loaded properly. Since then I had simply forgotten about them, but when the HomePage was emptied today, these were reloaded. Fortunately the replacement files in pgsrc were loaded on top of the existing (more up to date pages), so I lost nothing. All I had to do was bring every page, which was in the 1.2 wiki but had been updated since it was imported, back one version. Since my Wiki is small this was not major undertaking and is now complete. I agree that this is an undesirable feature, so while there are long term solutions for this, in the short term I think some remedial action is necessary on any "live" PhpWiki 1.3 sites. One possibility is to lock the HomePage, but I would rather not do that for my site, and also I can't unlock locked pages (has this been fixed, I'm using quite an old version with a few random patches?). My solution has been to empty all contents from pgsrc, except from HomePage itself, then if HomePage is deleted, it will be replaced by the original, but no other pages are affected. Also I set the pgsrc/HomePage to contain a message stating the site was undergoing technical difficulties and to contact me, hence if HomePage is wiped I would hopefully get an email, then I could restore HomePage and the rest of the Wiki would be unchanged. Do you think it would be worthwhile to send out a "security announcement" or similar covering this feature? While my Wiki is small, if this were to happen to a large Wiki then there would be a lot of work restoring it. I know there aren't that many 1.3 Wikis about, and they should be regularly backed up, but there are a few out there and this feature allows a malicious user to cause a significant amount of damage to the site. This is just a suggestion so feel free to ignore it. Also does anyone know how 1.2 will respond to this type of action? I have no idea who deleted HomePage, I don't know anyone on that ISP. I'm also not sure whether they made a mistake or were being malicious, although the fact that he/she deleted the HomePage twice does make me suspicious. Never mind, no harm done. >When one upgrades to a new release of PhpWiki, in general one does not >want to replace most of the pgsrc. On the other hand, sometimes upgrading >PhpWiki will break some of the "magic pages" (PhpWikiAdministration, >RecentChanges, TitleSearch, etc...) If each page in the distributed pgsrc >had a pgsrc_version meta-data, then there could be an option to only >update the page if the pgsrc_version is greater than that currently in the >database. (The "major" part of pgsrc_version should be incremented when >there are functional changes to the page, the "minor" version gets bumped >everytime the pgsrc is modified.) This would be a very good feature. When upgrading from 1.2 to 1.3 I spent some time working out which pages in my 1.2 wiki should be transferred over, which should be replaced by those in the 1.3 package, and those which should be based on 1.3 pages, but have the same changes added to them which I had made to the 1.2 pages. Any features which would help in this process would be greatly appreciated. Thanks again, Steven. -- email: st...@mu... web: http://www.murdomedia.net/ PGP/GnuPG keys: http://www.murdomedia.net/keys.html |
