-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Je Dimanĉo 25 Majo 2003 15:13, Thomas Corell skribis:
Well, I only tested german wikipedia, of course. But I
see all this
values, which of course I could not edit.
Whoaaaaaaa, that's a horse of a different color.
That's a serious bug.
Okay: this correctly gives error:
SELECT user_password from user limit 5
but this shows the password and e-mail fields:
SELECT * from user limit 5
I'm disabling the queries until this is fixed.
The other problem I
remember: public access to user.sql via the download area. If you do
this, forget all that restrictions.
??????
urkkkk..... those should really not have been there. I assume Lee
created them at some point when making backups, and forgot that they
were world-accessible download directories. I've deleted them.
- -- brion vibber (brion @
pobox.com)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+0UVdxVlOmwh1xjgRAvbyAJ9nzkVuRkJ5f6yGtT37FxqAEIVRLwCaA4/f
Ar2rncKtxIZ1uig7t8oIFYY=
=WS1V
-----END PGP SIGNATURE-----