[pmwiki-users] Concern about insert vs edit

Neil Herber nospam at eton.ca
Sun Oct 1 23:27:07 CDT 2006


At 2006-10-01  11:09 PM -0500, Patrick R. Michaud is rumored to have said:
>Actually, the way commentboxplus is written, you can.  See, for example,
>
>     http://www.pmwiki.org/sandbox/cbox/pmwiki.php?n=Main.WikiSandbox
>
>Note that the page does not contain a (:commentbox:) markup, yet
>it's possible for someone to add things to the page.  In fact,
>as written the commentboxplus recipe makes it possible for anyone
>to add content to any page.
>
>[N.B.: On this page I used PmWiki's (:input ...:) markup to build the
>form, but anyone could create a form in HTML that would be sufficient
>to add comments to the page.  And a spammer can easily write
>a script to post content to any page, although it's still
>filtered by any blocklist recipes in place.]

Drat! And here I thought things were so safe ... but at least the 
spamming is nicely formatted and tagged.  :-(

I have taken a crack at a password matrix and tested your comment 
code on my site here:

http://neil.eton.ca/wiki/index.php/Guest/Passwords



Neil Herber
Corporate info at http://www.eton.ca/ 




