Revision [19885]
This is an old revision of WillyPs made by WillyPs on 2008-04-25 20:18:24.
WillyPs
I have an installation of EasyPhP on my machine so I can experiment without having to upload files... and most likely break existing websites! I installed the trunk version of WikkaWiki, then 1.1.6.4rc1 was released, so I installed that, too. Now that 1.1.6.4 is released I'll upgrade soon. EasyPhP does not operate exactly like a lamp stack server would, but it's pretty close. The main difference I've noticed is that 'rewrite mode' is off. I have been unsuccessful at turning it on.
I upgraded www.prepare4descent.net/descentiapedia DescentiaPedia to 1.1.6.4, the installer failed to write the config file, in fact erased all of it but the version number. It did this twice. The first time, I restored the database and folders from my backups. My second attempt, I decided to try copying the config file from my EasyPhP install and make changes to it as necessary. This worked. I had installed WikiFile, now I am going to move all those files to another folder and manually link them. I noticed there are odd pages (like UserSettings) that had files uploaded from, so I am thinking spam-members may have uploaded files through the WikiFile mod. For that reason and for the fact that every file has to have a page (which makes for a lot of pages with no content) I am not going to attempt to reinstall WikiFile.
http://wush.net/trac/wikka/ticket/736
How is this possible?
Today I had a spam comment in a page that I had deleted some time ago... When I clicked the link to the page on the recently commented page, it asked me if I wanted to create it. So I did, and there is already a spam comment! What's up with that? How can they leave a comment on a page that does not exist? Page writes are restricted to a select few users. Read and comment are *.- Comment ACL of * allows for posting of comments regardless of page write perms. When you delete a page, comments are deleted. Have you compared timestamps of the comment and page creation record? --BrianKoontz
- No, the page had been deleted some time (weeks) ago, the comment showed up recently. There was no page history, because there was no page. How can a comment be made on a page that does not exist?
- It's not supposed to be possible, as comments are deleted from the DB prior to a page being deleted. Can you reproduce the issue? --BrianKoontz
- They are. The bug/feature is different: if you have the right to comment, you can comment. If you can comment by default, you can comment on non-existent pages, too. --Nils (Ticket: 747)
- Can someone provide proof/reproducibility of this "bug"? I see one anecdotal example, but if it's not reproducible, there's not much can be done about it. --BrianKoontz
- I just reproduced the issue here: http://demo.wikkawiki.org/RecentlyCommented - I posted the comment content via HTTP through a PHP script to a non existing page (SandBox2/addcomment) whose comments ACLs were previously set to * -DarTar
- So the spammer must have marked a link to the comment section before I deleted the page. Perhaps some 'if page exists' code could be added to the comments code. Ok, I see exactly that in ticket 747. Or better yet, is there a way to prevent scripts from posting? --WillyPs
www.prepare4descent.net/descentiapedia DescentiaPedia
www.prepare4descent.net Prepare For Descent!
Rant This Space!
CategoryUsers