[pmwiki-users] ZAP and "fun with forms"

Patrick R. Michaud pmichaud at pobox.com
Fri Apr 20 08:24:24 CDT 2007


On Fri, Apr 20, 2007 at 05:39:10AM -0400, The Editor wrote:
> [...] I'm curious what mechanism Pm is using to
> validate each post submission for authenticity. 

At the moment, one has to have edit permission on a page in order
to post to it.

> It may not be that
> critical for  PTV replacement, but for deleting pages, resetting
> passwd attributes, sending emails, or authenticating members, Pm may
> recommend tougher security.

I would definitely recommend tougher security for this, and I don't 
have any plans to use this interface for deleting pages, resetting
password attributes, sending emails, authenticating members, etc.

> ZAP may also wait till the page insertion (comments) come out, as that
> will also make a major impact on how it (and Fox) works. That way
> there could be one major upgrade instead of two. I suspect this is
> likely to be done soon now that Pm is in heart of the forms processing
> phase of this round of beta development. I think that is one of the
> last things still slated on his roadmap.

Yes, it is one of the last things on the roadmap, and part of the 
reason for this "push" in development (I want to get 2.2.0 out of 
beta).

> I'm wondering if Pm, or any current ZAP users have input on the
> direction ZAP should pursue?

Since ZAP's goals are somewhat different from mine, I don't have
any real recommendations.  None of the code that I've been implementing
should have any direct negative impact on ZAP.

Pm



More information about the pmwiki-users mailing list