On 10/19/11 14:05, wen heping wrote: > Hi, > > Here is an update of www/mediawiki to 1.7.0. > > Tested on Loongson and no regress. > > Comments? OK ? > > > wen Hi,
That's update to 1.17.0.. In the PLIST +mediawiki/cache/.htaccess @mode a+w mediawiki/config/ +@mode +mediawiki/config/OBSOLETE +@mode a+w mediawiki/config/index.php @mode mediawiki/config/index.php5 All users write access to mediawiki/config directory that's almost always wrong, only /tmp or /var/tmp have this but also have sticky bit set. A directory named config if truly for configurations as implied by the name it's most definitely wrong. Then mediawiki/config/index.php, executable code with all users write access, that's wrong. index.php shouldn't be modified as supplied by the package and sha checksummed, pkg_add will complain if modified on updates. You don't place any executable code in a rw directory. Not used this software. Looks like this has been wrong from the start. Could possibly be an upstream. It's no worse than it was before, but I can't say it's Ok. Nigel
