Security: Fix ACL check in search_allpages - dokuwiki - The DokuWiki Open Source Wiki Engine

diff options

author	Michael Hamann <michael@content-space.de>	2018-11-29 22:14:56 +0100
committer	Michael Hamann <michael@content-space.de>	2018-11-29 22:20:57 +0100
commit	77244e70121648abe518b25ad9d4b7b65f03f7d7 (patch)
tree	de8f47914d5a584f86b4a875abd8cf7998928240 /lib/scripts/jquery
parent	5a361db5ce318a94150c0949bffeb98f5331588e (diff)
download	dokuwiki-77244e70121648abe518b25ad9d4b7b65f03f7d7.tar.gz dokuwiki-77244e70121648abe518b25ad9d4b7b65f03f7d7.zip

Security: Fix ACL check in search_allpages

Due to the changes in 8f34cf3d32c9c091caa658472bd4e3a8270969a8, the ACL check in search_allpages was only executed when 'skipacl' has been explicitly set to false. Otherwise, only ACLs for namespaces were checked (unless the sneakyacl option was passed). The documentation states that the default for 'skipacl' is false, so setting it to false shouldn't be necessary. From all I can see, this does not concern DokuWiki itself as search_allpages is never used without the 'skipacl' option explicitly set to true or false. However, this causes serious security issues in plugins that rely on this ACL check in search_allpages like the include plugin.

Diffstat (limited to 'lib/scripts/jquery')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: