PukiWiki
Revision | 1e5dbaa8877410733fd3902feaf737146376fabb (tree) |
---|---|
Time | 2006-06-12 00:24:35 |
Author | henoheno <henoheno> |
Committer | henoheno |
Correct a little
@@ -1,5 +1,5 @@ | ||
1 | 1 | PukiWiki UPDATING |
2 | -$Id: UPDATING.en.txt,v 1.2 2006/06/03 07:10:11 henoheno Exp $ | |
2 | +$Id: UPDATING.en.txt,v 1.3 2006/06/11 15:24:35 henoheno Exp $ | |
3 | 3 | |
4 | 4 | |
5 | 5 | INCOMPATIBILITY INFORMATION BETWEEN RELEASES |
@@ -9,16 +9,16 @@ PukiWiki 1.4.7: Incompatibility from PukiWiki 1.4.6 | ||
9 | 9 | |
10 | 10 | 1. Default value of administrator's password ($adminpass) had been changed |
11 | 11 | from "pass" to "(A string never authenticatable)" |
12 | - * Password for PukiWiki 1.4.6 is usable for 1.4.7 | |
12 | + * Password for PukiWiki 1.4.6 is also usable for 1.4.7 | |
13 | 13 | * Password format had been changed from 1.4.6 (See BugTrack/709) |
14 | 14 | |
15 | 15 | 2. The implementation of "OS command execution after write" had been |
16 | 16 | changed from "with a global variable($update_exec)" to "with a |
17 | 17 | constant(PKWK_UPDATE_EXEC)" for security reason |
18 | 18 | |
19 | - If someone tricks you into using malicious plugin, that can rewrite | |
20 | - $update_exec dynamically, there will be a vulnerability called | |
21 | - "OS command injection". | |
19 | + If someone tricks you into using malicious (but obfuscated) plugin, | |
20 | + that can simply rewrite $update_exec, to do something nasty. | |
21 | + (a vulnerability called "OS command injection") | |
22 | 22 | |
23 | 23 | 3. Default contents: Page "FormatRule" had been renamed to |
24 | 24 | "FormattingRules" to show text-formatting-rules with edit plugin |
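Review bot: The rewritten paragraph under item 2 (new lines 19-21) no longer states a consequence. "If someone tricks you into using malicious (but obfuscated) plugin, that can simply rewrite $update_exec, to do something nasty." is a conditional with no main clause, and "something nasty" is vaguer than the removed wording, which said outright that there will be an OS command injection vulnerability. Suggest stating the effect directly, for example: "A malicious (but obfuscated) plugin can simply rewrite $update_exec, so the command executed after a write is no longer the one you configured ("OS command injection")." Item 2 also does not tell an administrator who had set $update_exec what to change when upgrading. A line saying the command must now be defined as the constant PKWK_UPDATE_EXEC would make the incompatibility actionable. Under item 1, "is also usable for 1.4.7" sits directly above "Password format had been changed from 1.4.6", so it would help to say whether an existing 1.4.6 password value works unchanged or needs converting.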