[pmwiki-devel] Safe way to take a page name as an argument in Markup

Sun Jan 24 02:24:50 CST 2010

On Sun, Jan 24, 2010 at 6:55 AM, Randy Brown <randy at brownragfilms.com>
 wrote:

> I assume there is a way for my directive to support any page name without
> introducing a security hole. I probably only need to support a page Name,
> rather than Group.Name, but for future reference it would be good to know
> how to support either.
>
> from pmwiki.php ResolvePageName():

"/^($GroupPattern)[.\\/]($NamePattern)$/i"

$GroupPattern and $NamePattern are defined as this:

$GroupPattern = '[[:upper:]][\\w]*(?:-\\w+)*';
$NamePattern = '[[:upper:]\\d][\\w]*(?:-\\w+)*';

-Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-devel/attachments/20100124/459c16a1/attachment.html 