[Pmwiki-users] Re: hackers: Another good reason for authentication
Robin
robin
Fri Jun 18 18:56:36 CDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Saturday 19 June 2004 08:26, Patrick R. Michaud wrote:
> It still has some minor problems -- if a site url is placed in the
> whitelist then one can use an '@' to get past the whitelist (e.g.,
> http://www.pmwiki.org@spamhost.com/). A future version will disallow
Can't you just alter the regex to something like (in Perl):
m(http://[^@/]@*([^@/])/);
...only making the first [^@/] non-greedy (which I can't remember how to do
right now) so it only expands to swallow all the '@'s, and no further?
> the '@' in this case. In addition, it might be nice if URLs that
> didn't make the whitelist were visually represented somehow (and
> perhaps automatically linked to the ?action=approveurls capability).
I'd say, some CSS styling that allows it to be lit up according to the admin,
and perhaps an '!' as the symbol (as an equivalent to '?'). The intent is
suitable to me, but '!' is narrow and hard to click...maybe ' ! '.
- --
Robin <robin at kallisti.net.nz> JabberID: <eythian at jabber.org>
Hostes alienigeni me abduxerunt. Qui annus est?
PGP Key 0x776DB663 = DD10 5C62 1E29 A385 9866 0853 CD38 E07A 776D B663
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA0481zTjgendttmMRAhHtAKCKnwXQ+XeKfNHsAkjAPyCt0zBDTwCfSWvy
wU9Sc3/y+BvZjftBcUAATQU=
=u9Xw
-----END PGP SIGNATURE-----
More information about the pmwiki-users
mailing list