[pmwiki-users] Problem with FoxEdit

[Hans]

Sunday, December 23, 2007, 1:23:09 PM, mwowm at mail.com wrote:

> I'm using "$FoxPagePermissions['{$Group}.*'] = 'all';" to
> allow Fox to post only to pages within the current group.
> I'm trying to use FoxEdit, but it denies permission to
> post unless I am in the FoxTemplates group, since that's
> where the templates for the forms are.

When a page (or page section) is opened for FoxEdit, it is loaded into
the edit form, and {$Group} becomes the FoxTemplates group. So saving
is not permitted, since the target page is in a different group.

$FoxPagePermissions['{$Group}.*'] = 'all'; is not  a safe pattern.
There is no such thing as  a "current group", and the pattern can be
exploited to post to any page in any group.

You may as well set $FoxPagePermissions['*.*'] = 'all';
But if you do that you should make sure to have specific groups
excluded, like
$FoxPagePermissions['Site'] = 'none';
$FoxPagePermissions['FoxTemplates'] = 'none';

It is better and much safer to set the pattern to specific target
groups. Especially if you allow posting from anyone and not just
people who you can trust to have edit permissions.

  ~Hans