DokuWiki

This is the issue tracking system for DokuWiki. You may add bugs and feature wishes here. Please post support requests in the Forum.
To prevent spam, anonymous task creation had to be disabled. Your account here is valid as a login for DokuWiki, too.
Please read wiki:bugs for help with the bug tracking system.
Always perform a search on both open and closed tasks before opening a new one; your bug might already have been reported.

FS#823 — Security Flaw in spellchecker

Attached to Project: DokuWiki
Opened by Andreas Gohr (andi) - Sunday, 04 June 2006, 07:59PM
Last edited by Andreas Gohr (andi) - Sunday, 04 June 2006, 08:23PM
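Task Type: Bug Report
Category: Security
Status: Closed
Assigned To: No-one
Operating System: All
Severity: High
Priority: Immediate
Reported Version: none
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
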
Stefan Esser from the Hardened-PHP Project found a security problem in DokuWiki's spellchecking backend which allows insertion of arbitrary PHP code.

All users should fix this immediately. If you don't use the spellchecker, you can simply delete the lib/exe/spellcheck.php file. If this is not an option for you, you can get an updated version of the file from http://dev.splitbrain.org/download/darcs/dokuwiki/lib/exe/spellcheck.php

The download package of the current stable version, available at http://www.splitbrain.org/go/dokuwiki, was fixed as well.


Closed by  Andreas Gohr (andi)
Date:  Tuesday, 06 June 2006, 08:02PM
Reason for closing:  Fixed