[wikka-community] secutity questions concerning the use of /plugins dir
Jens Giesemann
jens
Mon Aug 31 13:14:52 GMT 2009
hi all,
i have written roughly three dozens of minor php code modifications in
several actions, handlers and also wakka.class for running my wikka
based web site www.giesemann.net.
once started with 1.1.6.5 i did the update to 1.1.6.6 by sync'ing the
complete 1.1.6.7 directory tree line by line using the MELD difference
viewer. this way was safe to merge the complete new code with all my
modifications, but for the cost of 3 hours of work (as i remember, there
was a security issue with GET fixed in 1.1.6.6., striking nearly every
file)
so, now i discuss with me, wheather i should furthermore continue to
"meld" the code bases, spending that time, or better migrate the
modified files to /plugins and update the rest ...
as far as i understand, latter would cause the modified active copies
in /plugins won't be maintained anymore. this, i suppose, could
potentially lead into serious security lacks in the future, and also it
would override bugfixes and enhancements.
which way do you think is the appropriate, merging or plugging?
regards from oldenburg,
jens
More information about the community
mailing list