Hi Everyone, I've fixed it in master and I'll publish a fix tomorrow, but I just realized that the create directory function in the directory index page does not check the folder name before creating it, which means that any relative path will create a folder as long as it doesn't exist. So it's not much of a security risk, because it will fail if the folder already exists, but I thought I should mention it. I'm assuming no one has this feature enabled for the public anyway, so it shouldn't be much of an issue.
Also, a week ago I discovered that I had not sufficiently checked the login cookie suffix and an empty suffix would have slipped through, but as no one has really been using this feature yet I don't think that would have affected anyone. Just use at least 2.1.5 and you'll be fine. I'm glad I'm catching bugs. Just thought I should let everyone know since these slipped through. Arlen -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to tiddlywiki+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/CAJ1vdSQcyehhMffEu%3DbODva7UJH6MbmB4DgHqwX2n7Nd1%3Di6ww%40mail.gmail.com.