Issue #42 resolved

Anyone can change the download link under Downloads in the wiki

Victor Blomberg
created an issue

Anyone could change the link at the Downloads page in the wiki to target a malicious file anywhere. Maybe the easiest solution would be to move the wiki page Downloads to the main site.

Comments (3)

  1. Nerzhul500 repo owner

    Wow, big thanks for that. But I really don't know how to make wiki read only. There are only options private wiki or public wiki (anyone can read, edit). I hope that nobody wants to deface this project.

  2. Victor Blomberg reporter

    There are only options private wiki or public wiki (anyone can read, edit).

    That is weird.

    What about removing the download page from the wiki, and changing the link "or download ReSpeller Free with limited functionality" at http://etherealcode.com/respeller/ to target the installation file directly? No one can mess with the site without commit rights, and it is really what the user wants anyway, isn't it?

    Thank you for a great plugin anyhow!

  3. Log in to comment