Arlen

Thanks for being responsible for potential risks.

Love your work
Tony

On Tuesday, October 8, 2019 at 12:24:03 PM UTC+11, Arlen Beiler wrote:
>
> Hi Everyone,
>
> I've fixed it in master and I'll publish a fix tomorrow, but I just 
> realized that the create directory function in the directory index page 
> does not check the folder name before creating it, which means that any 
> relative path will create a folder as long as it doesn't exist. So it's not 
> much of a security risk, because it will fail if the folder already exists, 
> but I thought I should mention it. I'm assuming no one has this feature 
> enabled for the public anyway, so it shouldn't be much of an issue. 
>
> Also, a week ago I discovered that I had not sufficiently checked the 
> login cookie suffix and an empty suffix would have slipped through, but as 
> no one has really been using this feature yet I don't think that would have 
> affected anyone. Just use at least 2.1.5 and you'll be fine. I'm glad I'm 
> catching bugs. Just thought I should let everyone know since these slipped 
> through. 
>
> Arlen
>
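
The missing folder-name check described in the quoted message, sketched for a Node.js server as an added example that is not part of the original thread and not the project's own code. The helper names `resolveNewFolder` and `createFolder` and the sample names are assumptions made for illustration.

```javascript
// Added example: hypothetical helper names, not the project's own code.
const fs = require("fs");
const os = require("os");
const path = require("path");

// Return the absolute path for a new child folder of parentDir, or throw if
// the supplied name is anything other than a single plain path segment.
function resolveNewFolder(parentDir, name) {
  if (typeof name !== "string" || name.length === 0) {
    throw new Error("folder name is required");
  }
  // Reject separators (both styles), NUL bytes, and the dot segments.
  if (/[\/\\\0]/.test(name) || name === "." || name === "..") {
    throw new Error("folder name must be a single path segment");
  }
  const base = path.resolve(parentDir);
  const target = path.resolve(base, name);
  // Defence in depth: the resolved target must sit directly inside base.
  if (path.dirname(target) !== base) {
    throw new Error("folder name escapes the parent directory");
  }
  return target;
}

// Create the folder non-recursively so an existing folder still fails (EEXIST).
function createFolder(parentDir, name) {
  const target = resolveNewFolder(parentDir, name);
  fs.mkdirSync(target);
  return target;
}

// Constructed demo: try a few names against a throwaway directory.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), "mkdir-demo-"));
  const served = path.join(root, "served");
  fs.mkdirSync(served);
  const results = {};
  for (const name of ["notes", "../outside", "a/b", "..", "", "C:\\x"]) {
    try {
      createFolder(served, name);
      results[name] = "created";
    } catch (err) {
      results[name] = "rejected";
    }
  }
  results.escaped = fs.existsSync(path.join(root, "outside"));
  fs.rmSync(root, { recursive: true, force: true });
  return results;
}

console.log(demo());
```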
