Note: This page documents "what Tiki should do". For feature documentation (what Tiki does), please see the corresponding page on the doc site.

Intrusions, site breakage, lost data
Security

Disclose a vulnerability

To allow us time to patch the system, please report the vulnerability in the bug tracking system under the category "security", but without detailing the vulnerability, so that it cannot be exploited, AND please contact the security team with full details and we'll deal with your input.

Please see http://security.tikiwiki.org

Open

Rating | Subject | Priority | Category | Created
(2) | Categorisation permission issue with Calendars and Trackers | 9 high | Bug: Consistency; Bug: Error | 2009-02
(1) | security issue: login issue | 8 | Bug: Error | 2009-03
(0) | HTMLpurifier no longer permits to use Paypal buttons (starting in Tiki4) | 8 | Bug: conflict of two features (each works well independently); Bug: Regression | 2010-01
(3) | RSS Calendar Security problem - anonymous users allowed access to secured calendar via RSS link | 7 | | 2007-10
(0) | No spam protection for shoutbox users | 7 | Bug: Usability | 2008-06
(3) | Need stronger CapCha | 7 | Feature request | 2008-06
(1) | User Information Page shows non-public wiki page titles | 7 | Bug: Error | 2008-07
(0) | Security issue in a module | 7 | Bug: Error | 2008-12
(1) | Web Auth Needs Some Fine Tuning | 7 | Bug: conflict of two features (each works well independently); Bug: Usability; Feature request | 2009-04
(1) | Profiles Repository URLs Are Not Connect | 7 | Bug: Usability; Support request | 2009-11
(2) | Registration Page does not display and password suggestion does not consider security settings. | 6 | Bug: Usability; Feature request | 2008-01
(2) | Add "tiki_p_admin_structures" permission | 6 | Bug: Usability; Feature request | 2009-04
(0) | Setting admin password in the installer, with option to force change at first login | 6 | Feature request | 2009-05
(0) | Redirect plugin: add wiki= so we can use this plugin without a validation at each page | 6 | Feature request | 2009-08
(1) | Fatal error: Call to undefined TikiDb_Adodb::setAttribute() in ..\lib\tikisession-pdo.php on line 18 | 6 | Bug: Error | 2009-11
(1) | Warning: is_dir(): Stat failed for ./img/wiki_up/tiki1/... in tiki-admin_security.php?check_files | 6 | Bug: Usability | 2006-09
(2) | binddb and bindpw not used when binding to LDAP | 5 | Bug: Error; Patch | 2007-10
(1) | Secdb for all files (not just php) | 5 | Feature request | 2007-11
(0) | Automatic SVN commit of secdb and syncdb | 5 | Community projects | 2008-04
(0) | Logout fails to work when web authorization is selected | 5 | Bug: Usability | 2009-04
(0) | Enhancement: Use .htpasswd / .htgroup for user access & control | 5 | Feature request | 2009-04
(2) | Image attachements are not saved unique | 5 | Bug: Error; Bug: Usability | 2006-04
(0) | Security bug which bypasses directory site validation. | 5 | Bug: Error | 2006-07
(1) | false positive at tikiwiki security error report | 4 | Bug: Usability | 2009-02
(3) | mail-in provides no security | 4 | Bug: Error | 2006-05
(1) | Trackers: ratings fake vote by URL | 3 | Bug: Error | 2007-12
(0) | Trackback pings should not use fopen to open urls. | 3 | Bug: Error | 2005-05
(0) | Take in account the Apache option "AccessFileName" | 3 | Feature request | 2010-08
(1) | wiki-edit: footnotes allows html | 3 | Bug: Error | 2006-08
(0) | dynamic contents in userdefined modules crashes tiki | 3 | | 2006-08
(1) | Path disclosure bug in trackers | 2 | Bug: Error | 2007-06
(1) | Password manager | 2 | Feature request | 2009-07
(1) | Easy way to deal with SSL when using external images or scripts | 1 low | Feature request | 2008-02
(0) | Security DB and mods don't work together | 1 low | Bug: Usability; Feature request | 2008-02
(1) | File gallery: Virus checker | 1 low | Feature request | 2008-04
(0) | ssl_error_rx_record_too_long when using "Require Secure (HTTPS) login" (CPANEL self-signed cert.) | 1 low | Bug: Error; Bug: Usability | 2010-03
(0) | Login at workflow.tw.o and info.tw.o fails with XMLRPC Error: 5 | | Bug: Error | 2008-12
(1) | Plugin html should have security, and pass code exactly as is | | Feature request | 2009-03

Pending

Rating | Subject | Priority | Category | Created
(0) | Upgrade to rel 4 : No permissions for user "admin" | 9 high | Bug: Regression | 2010-01
(0) | Instantaneous visual feedback of password strength | 3 | Feature request | 2008-06
(2) | Built it TPL editor removes Javascript from the Templates | 3 | Bug: Usability; Feature request | 2005-04
(1) | Security problem with sophisticated google hack on local.php (how to clean up after an intrusion) | 2 | | 2007-11

Closed

Rating | Subject | Priority | Category | Created
(1) | XSS vulnerability issue B96 | 9 high | Bug: Error | 2008-01
(2) | Multimedia Flash unusable due to XSS protection | 9 high | Bug: Error; Bug: Regression; Bug: Usability | 2008-10
(2) | site based on 2.2 + tikipedia attacked at tiki-browse_image.php from galleries | 9 high | Bug: Usability | 2009-02
(1) | potential security hole related to managing users | 9 high | Bug: Usability; Support request | 2009-11
(1) | Add New User - Gen Password - Validate By Email is Broken in 4.1 and 4.2 | 9 high | Bug: Consistency; Bug: Error; Bug: Regression; Bug: Usability | 2010-03
(1) | Plugins admin interface to activate/deactivate plugins | 9 high | Feature request | 2006-02
(1) | tikiwiki version 1.9.5 (CVS) -Sirius- mysql password disclosure & xss | 9 high | Bug: Error | 2006-11
(0) | Vulnerability in registrating | 9 high | | 2007-01
(0) | tiki_p_search makes users "admin" | 8 | Bug: Consistency; Bug: Error | 2008-03
(0) | Security:Active XSS in URI allows remote exploitation of user browser | 8 | Bug: Error | 2009-03
(0) | styles/transitions/2.1to3.0.css file vandalized | 8 | | 2009-09
(1) | Modules do not work when called from within wiki pages | 8 | Bug: Error | 2009-11
(0) | My site totally dead: Warning: ini_set() has been disabled for security reasons | 7 | Bug: Error | 2007-06
(2) | Forum security issue: Ref: H56 | 7 | Bug: Error | 2007-07
(0) | TikiWiki 2.0: SearchBox Not Displaying for Anonymous Users | 7 | Bug: Usability; Support request | 2008-09
(2) | Banning users ( tiki-admin_banning.php ) doesn't work for me at doc.tw.o | 6 | Bug: Usability | 2007-06
(3) | Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache) | 6 | Bug: Error | 2007-06
(3) | Wiki cache & plugins: WYSIWYCA problem when admin visits the page (and creates the cache) | 6 | Bug: Error | 2007-08
(1) | topic permissions not working in tiki-list_articles.php | 6 | Bug: Error; Patch; Support request | 2008-11
(2) | Optional disabling on javascript stripping protection | 6 | Feature request | 2006-07
(0) | image gallery: sort_mode=filesize causes mysql error and path disclosure | 5 | Bug: Error | 2007-09
(1) | Secdb automatic check with cron job | 5 | Feature request | 2007-09
(4) | Authenticated RSS | 5 | Feature request | 2008-01
(2) | Better protection against accidental site breakage with improper use of code in modules + template | 4 | Bug: Error; Bug: Usability; Feature request | 2007-04
(0) | Change Crypt passwords method | 4 | Feature request | 2008-07
(0) | URL_ID replaced in a link | 4 | Bug: Error; Bug: Usability | 2008-10
(4) | Restrict possible characters in usernames | 3 | Bug: Error; Bug: Usability; Feature request | 2007-07
(1) | CVE-2006-6457 tikiwiki vulnerable | | Bug: Error; Support request | 2007-01
(0) | TikiWiki 2.0: Odd Tags get Inserted into HTML Code | | Bug: Consistency; Bug: Error; Bug: Usability | 2008-08
(0) | Using preg_replace with /e modifier | | Bug: Error; Feature request; Patch | 2010-01
(0) | No access permission on articles----articles accessible by articleID for any group | | Feature request | 2007-01

Contributors to this page: Marc Laporte.
Page last modified on Sunday 20 September, 2009 00:57:29 UTC by Marc Laporte.
