ikiwiki does not expose untrusted data to the shell. In fact it doesn't use
system() at all, and the only use of backticks is on data supplied by the
-wiki admin. And it runs with taint checks on of course..
+wiki admin and untainted filenames. And it runs with taint checks on of course..
## cgi data security
Cracking the password only allows editing the wiki as that user though.
If you care, you can use https, I suppose.
-# Fixed holes.
+# Fixed holes
+
+_(Unless otherwise noted, these were discovered and immediaty fixed by the ikiwiki developers)_
## destination directory file replacement