[pmwiki-users] spam despite edit restriction

Hans design5 at softflow.co.uk
Sun Nov 26 08:14:04 CST 2006


Sunday, November 26, 2006, 1:14:02 PM, Florian wrote:

> These pages are all empty. Apart from that the pages all belong into a
> certain group (Review). Note that's the group I use in combination with
> the newpageboxplus recipe to simplify page creation.

Most likely this is cause by an exploitation of newpageboxplus
capability to save automatically a new page.

I would be very interested to know of a good way to include checking
of edit authorisation into the script.

Meanwhile, if you don't use the save=true option, just disable it in
the script by commenting in var $defaults
'save' => '',

ie replace
    'save' => '');
with
#    'save' => ''
);

Maybe I need to include a variable SDV($EnableAutoSave, false);
as default, to disable the auto saving option, and let admins decide
when they need to enable it. It is useful for simple forum for
example, as a way to create new topic pages, even by users who have no
edit rights granted. But obviously spammers could exploit this, as
they can on any open forum. Ideas?


Hans





More information about the pmwiki-users mailing list