Description
The 'test' action, while useful for debugging, leaks way too much server info and possibly exposes a system to unnecessary attacks. For instance, if action=test reveals a Red Hat FC1 server, then someone may decide to try the typical FC1 exploits against that system. The same goes for other systems. Additionally, the action=test feature reveals path names and other data not useful for typical use.
-Jim P.
Steps to reproduce
Example
According to http://moinmoin.wikiwikiweb.de/?action=test
- Python version 2.3.5
- Debian system
- data is /org/de.wikiwikiweb.moinmoin/data
Workaround
Put this into your wiki / farm config:
actions_excluded = ["test"]
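One way to audit a config file for this workaround, as an added example that is not part of the original report or of MoinMoin's own code. It assumes the config classes live in a single Python file; the sample config, its class names and the helper function names are constructed for illustration.

```python
import ast

# Constructed sample: one file holding a farm-wide class and two wikis built on it.
SAMPLE_CONFIG = '''
from MoinMoin.multiconfig import DefaultConfig
class FarmConfig(DefaultConfig):
    actions_excluded = ["test"]
class PublicWiki(FarmConfig):
    sitename = u"Public"
class StagingWiki(FarmConfig):
    actions_excluded = ["DeletePage"]   # replaces the farm list, so "test" is enabled again
'''

def excluded_actions(source):
    """Map each config class to its effective actions_excluded list (None if unset)."""
    # The file is parsed with ast, never imported, so nothing in it is executed.
    # Base classes defined in other files are not followed.
    classes = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.ClassDef):
            continue
        own = None
        for stmt in node.body:
            if isinstance(stmt, ast.Assign) and any(
                    isinstance(t, ast.Name) and t.id == "actions_excluded"
                    for t in stmt.targets):
                try:
                    own = list(ast.literal_eval(stmt.value))
                except (ValueError, TypeError):
                    own = []  # computed value: cannot be verified, treat as excluding nothing
        classes[node.name] = (own, [b.id for b in node.bases if isinstance(b, ast.Name)])

    def resolve(name, seen=()):
        # Walk up the bases until a class that sets actions_excluded is found.
        if name not in classes or name in seen:
            return None
        own, bases = classes[name]
        if own is not None:
            return own
        found = (resolve(b, seen + (name,)) for b in bases)
        return next((r for r in found if r is not None), None)

    return {name: resolve(name) for name in classes}

def classes_exposing_test(source):
    """Config classes whose effective setting leaves the 'test' action enabled."""
    return sorted(name for name, acts in excluded_actions(source).items()
                  if acts is None or "test" not in acts)
```

A class reported here either never sets `actions_excluded`, overrides an inherited list without repeating `"test"`, or inherits from a class in another file and needs a manual look.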
Plan
- Priority:
- Assigned to: ThomasWaldmann
- Status: closed as this can be disabled by configuration