Viewing Single Post From: Security update

Viewing Single Post From: Security update
Jacroe	Mar 2 2008, 12:50 AM
Administrator Posts: 13 Group: Admins Member #1 Joined: Nov 28, 2007 What's up Starting to work on Documentation	A security hole has been discovered that can allow an attacker to change your wiki, even when the wiki is locked. To plug this hole, add the following code in your save.php right below the <?php Code: `if (file_exists('noedit.lock')) { die('This wiki has been locked from editing. <a href="index.php">MainPage</a>'); }` Your new save.php file should look something like this: Code: `<?php if (file_exists('noedit.lock')) { die('This wiki has been locked from editing. <a href="index.php">MainPage</a>'); } if (($_POST['article']) == '') {` With more code after that. Save the changes, and it should work. If it doesn't, please post about it in the General Support forum. Alternatively, you can just replace your old save.php with the new one attached to this topic. Attached to this post: save.php (2.72 KB)


Security update · Announcements & News