author | Andreas Gohr <andi@splitbrain.org> | 2009-11-16 23:05:23 +0100 |
---|---|---|
committer | Andreas Gohr <andi@splitbrain.org> | 2009-11-16 23:05:23 +0100 |
commit | 6fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee (patch) | |
tree | 65df25aeec37076c80bfece7ae7d571f988af26e /lib/plugins/plugin | |
parent | 48c8c96f687ddf5eea6750db55be522391ba4e63 (diff) | |
download | rpg-6fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee.tar.gz rpg-6fc3aa1afd3b25c8ada5bd8245997e0fa3a8cdee.tar.bz2 |
Security Fix: do not allow skipacl in XMLRPC

Ignore-this: 517a7546aab86c5370cccf1aa2171490

Parameters passed to dokuwiki.getPagelist and wiki.getAttachments could
contain the option "skipacl" which would prevent ACL checking. This
could leak information about usually non-readable files (like filenames,
sizes and so on). The content of the files was not accessible.

XMLRPC is disabled by default.

darcs-hash:20091116220523-7ad00-0fa8a9a7a52076619c6836738f9a1f00a6dafe27.gz
Diffstat (limited to 'lib/plugins/plugin')
0 files changed, 0 insertions, 0 deletions
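
The class of bug the commit message describes, as an added example that is not DokuWiki's code or the patch itself: a remote handler forwards client-supplied options to an internal helper that honours a trusted-caller-only "skipacl" flag. All function names, the "depth" option and the sample data are hypothetical and constructed for illustration.

```php
<?php
// Added illustration: names and data are hypothetical, not DokuWiki's code.

// Constructed sample wiki: page id => readable by the calling user?
$pages = ['start' => true, 'wiki:syntax' => true, 'private:salaries' => false];

// Stand-in for an internal listing helper that trusts its option array.
function list_pages(array $pages, array $opts): array
{
    $out = [];
    foreach ($pages as $id => $readable) {
        // "skipacl" is meant for trusted internal callers only.
        if (empty($opts['skipacl']) && !$readable) {
            continue;
        }
        // "depth" (assumed option): 0 = unlimited, else max namespace levels.
        if (!empty($opts['depth']) && substr_count($id, ':') >= $opts['depth']) {
            continue;
        }
        $out[] = $id;
    }
    return $out;
}

// Before: client-supplied options reach the helper unchanged.
function rpc_pagelist_unfiltered(array $pages, array $clientOpts): array
{
    return list_pages($pages, $clientOpts);
}

// After: copy only allowlisted options, coerce types, pin skipacl off.
function rpc_pagelist_filtered(array $pages, array $clientOpts): array
{
    $opts = ['skipacl' => false];
    if (isset($clientOpts['depth'])) {
        $opts['depth'] = max(0, (int) $clientOpts['depth']);
    }
    return list_pages($pages, $opts);
}

$request = ['skipacl' => 1, 'depth' => 0]; // constructed remote parameters
var_dump(rpc_pagelist_unfiltered($pages, $request));
var_dump(rpc_pagelist_filtered($pages, $request));
```

With the constructed request, the unfiltered handler returns the name of the unreadable page while the filtered handler returns only the two readable ones. Building the option array from an allowlist, instead of deleting the one known-bad key, also keeps any trusted-only option added later out of reach of remote callers.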