[pmwiki-users] ZAP security vulnerability...
Hans
design5 at softflow.co.uk
Thu May 3 15:09:19 CDT 2007
Thursday, May 3, 2007, 8:55:39 PM, The Editor wrote:
> I don't like the target string approach. I'm not going to use it.
> What do you do for forums that have multiple pages, created by users
> automatically?
I use a group.php i.e. local/Forum.php which has a lot of group
customisations, and includes an entry to the pattern array:
$FoxNameFmt[] = 'Forum.*';
allowing posting to any page in group Forum.
I could still exempt some pages from this with negative names:
$FoxNameFmt[] = '-Forum.GroupFooter';
So this supplements the permission string check.
The string check is useful as authors can add it to pages.
The pattern array is under admin control.
~Hans
More information about the pmwiki-users
mailing list