[pmwiki-users] Posting Permission Patterns

The Editor editor at fast.st
Fri May 4 13:12:37 CDT 2007


>  // the following patterns for 'current page' and 'current group'
>  // could be exploited to post to edit protected pages
>  '{$Group}.{$Name}',    // current page
>  '{$Group}.*',          // all pages in current group
> */


Can you explain how these could be exploited, either on or off list.
It seems with the approach Pm used, the imposed markup would not in
any way override or change these page variables.  Or is it some other
mechanism you are referring to?

Also, another question about your proposed plan.  You will require Fox
admins to set these patterns in a config file for each form that needs
a different set of patterns?  That's a lot of config editing isn't it?

Cheers,
Dan



More information about the pmwiki-users mailing list