[pmwiki-users] Permissions, edits and comments
Patrick R. Michaud
pmichaud at pobox.com
Sat Sep 30 11:59:49 CDT 2006
On Sat, Sep 30, 2006 at 11:44:37AM -0500, Patrick R. Michaud wrote:
> On Sat, Sep 30, 2006 at 10:02:39AM -0500, Patrick R. Michaud wrote:
> > On Sat, Sep 30, 2006 at 04:52:39PM +0200, Mike wrote:
> > > As posted before,
> > > CommentBox seems to have a possible security issue by allowing users to
> > > post directives,
>
> If you're running 2.2.0-beta7 or later and want to try an
> automatically downloaded blocklist for commentbox, this
> ought to now be possible with:
>
> $EnableBlocklist = 1;
> if ($action == 'comment')
> $BlocklistDownload['Site.Blocklist-comment'] = array('format' => 'pmwiki');
OOOOPS. No, this won't work yet. Turns out that
commentboxplus.php is using HandleEdit, which means
that the above will prevent people from adding comments
to pages that already have a (:title:) directive on them.
I'll have think a bit more about how we might handle
per-action blocklists -- this really isn't something
that we had explicitly contemplated before now (at
least I wasn't aware of it).
(Pm prepares to hit 'send' on this message... and then...)
Oh! Yes, I do know how to handle it. Okay, I'll add the
capability into an upcoming beta where we can test it.
Thanks,
Pm
More information about the pmwiki-users
mailing list