author | Michael Hamann <michael@content-space.de> | 2010-03-16 15:33:58 +0100 |
---|---|---|
committer | Michael Hamann <michael@content-space.de> | 2010-03-16 15:42:06 +0100 |
commit | c77fa67b50d49455e3b518eeb2bcbd0531d07165 (patch) | |
tree | cad90037b480c41d6a814476c998a8c7dad50f5d /lib/exe/js.php | |
parent | 5ce4ea1542521e553f96e379988478345646bcb6 (diff) | |
download | rpg-c77fa67b50d49455e3b518eeb2bcbd0531d07165.tar.gz rpg-c77fa67b50d49455e3b518eeb2bcbd0531d07165.tar.bz2 |

Use md5sum of id and client ip as temporary filename in XML-RPC

Before this patch the temporary filename was the uncleaned id. This
allowed everyone with upload-privileges (on the whole wiki) and XML-RPC
privileges on an XML-RPC-enabled DokuWiki to (over)write any file PHP is
allowed to write with any content he wants. If you have XML-RPC enabled
and users with XML-RPC and upload privileges you don't trust in a way
you would allow them to write any file PHP may write, consider this as
an important security fix. By default XML-RPC is disabled, so if you
don't know what I'm talking about you are probably not affected by the
problem.
Diffstat (limited to 'lib/exe/js.php')
0 files changed, 0 insertions, 0 deletions
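
The following is an added example, not code from this commit or from DokuWiki: it contrasts a temporary filename built from the raw id with one built from an md5 digest of id and client IP, as the commit message describes. The function names, the directory, the sample ids and the plain concatenation inside `md5()` are assumptions made for illustration.

```php
<?php
// Added illustration; all names and sample values are hypothetical/constructed.

// Before: the caller-supplied id is used directly as the temporary filename.
function tmp_name_from_raw_id(string $tmpDir, string $id): string
{
    return $tmpDir . '/' . $id;
}

// After: md5 of id and client IP (concatenation order is an assumption).
// The digest is always 32 hex characters, so it cannot carry a path separator.
function tmp_name_from_hash(string $tmpDir, string $id, string $clientIp): string
{
    return $tmpDir . '/' . md5($id . $clientIp);
}

// Lexically resolve "." and ".." segments without touching the filesystem.
function normalize_path(string $path): string
{
    $out = [];
    foreach (explode('/', str_replace('\\', '/', $path)) as $part) {
        if ($part === '' || $part === '.') {
            continue;
        }
        if ($part === '..') {
            array_pop($out);
            continue;
        }
        $out[] = $part;
    }
    return '/' . implode('/', $out);
}

// True when $path, once normalized, is still located below $tmpDir.
function stays_inside(string $tmpDir, string $path): bool
{
    $base = rtrim(normalize_path($tmpDir), '/') . '/';
    return strncmp(normalize_path($path), $base, strlen($base)) === 0;
}

$tmpDir   = '/srv/wiki/data/tmp';                    // constructed
$clientIp = '192.0.2.10';                            // constructed (TEST-NET-1)
foreach (['wiki:logo.png', '../../outside.txt'] as $id) {   // constructed ids
    $raw    = stays_inside($tmpDir, tmp_name_from_raw_id($tmpDir, $id));
    $hashed = stays_inside($tmpDir, tmp_name_from_hash($tmpDir, $id, $clientIp));
    printf("%-20s raw inside tmp: %-3s hashed inside tmp: %s\n",
        $id, $raw ? 'yes' : 'no', $hashed ? 'yes' : 'no');
}
```

The hashed name stays inside the temporary directory for any id, which is why the digest removes the need to sanitize the id at this point; the same `stays_inside` check can serve as a regression test for code that builds filenames from request data.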