[pmwiki-users] Concern about insert vs edit
Neil Herber
nospam at eton.ca
Sun Oct 1 23:27:07 CDT 2006
At 2006-10-01 11:09 PM -0500, Patrick R. Michaud is rumored to have said:
>Actually, the way commentboxplus is written, you can. See, for example,
>
> http://www.pmwiki.org/sandbox/cbox/pmwiki.php?n=Main.WikiSandbox
>
>Note that the page does not contain a (:commentbox:) markup, yet
>it's possible for someone to add things to the page. In fact,
>as written the commentboxplus recipe makes it possible for anyone
>to add content to any page.
>
>[N.B.: On this page I used PmWiki's (:input ...:) markup to build the
>form, but anyone could create a form in HTML that would be sufficient
>to add comments to the page. And a spammer can easily write
>a script to post content to any page, although it's still
>filtered by any blocklist recipes in place.]

Drat! And here I thought things were so safe ... but at least the
spamming is nicely formatted and tagged. :-(

I have taken a crack at a password matrix and tested your comment
code on my site here:
http://neil.eton.ca/wiki/index.php/Guest/Passwords

Neil Herber
Corporate info at http://www.eton.ca/