[pmwiki-users] Concern about insert vs edit
Patrick R. Michaud
pmichaud at pobox.com
Sun Oct 1 23:09:03 CDT 2006
On Sun, Oct 01, 2006 at 11:43:04PM -0400, Neil Herber wrote:
> If the author has embedded "commentboxplus" markup on the page, then
> they appear to be inviting comments.
>
> If the group footer contains the "commentboxplus" markup (the way I
> do it), then the admin has decided to allow comments on that groups pages.
>
> If neither of these applies, then it is a moot point, because you
> can't leave comments.
Actually, the way commentboxplus is written, you can. See, for example,
http://www.pmwiki.org/sandbox/cbox/pmwiki.php?n=Main.WikiSandbox
Note that the page does not contain a (:commentbox:) markup, yet
it's possible for someone to add things to the page. In fact,
as written the commentboxplus recipe makes it possible for anyone
to add content to any page.
[N.B.: On this page I used PmWiki's (:input ...:) markup to build the
form, but anyone could create a form in HTML that would be sufficient
to add comments to the page. And a spammer can easily write
a script to post content to any page, although it's still
filtered by any blocklist recipes in place.)
-----
Mostly, I've come to see that "insert" is really a general operation
that is useful for a lot more than just comments. For example,
commenting, voting, RSVP, IP/phrase blocking, and url-approval
activities are really just special cases of "insert", which is
itself a special case of "edit".
Pm
More information about the pmwiki-users
mailing list