[pmwiki-users] Concern about insert vs edit

Patrick R. Michaud pmichaud at pobox.com
Mon Oct 2 09:15:04 CDT 2006


On Mon, Oct 02, 2006 at 07:51:18AM -0400, Crisses wrote:
>    On Oct 2, 2006, at 12:09 AM, Patrick R. Michaud wrote:
> 
>      [N.B.: On this page I used PmWiki's (:input ...:) markup to build the 
>      form, but anyone could create a form in HTML that would be sufficient
>      to add comments to the page.  And a spammer can easily write
>      a script to post content to any page, although it's still
>      filtered by any blocklist recipes in place.)
> 
>    On the blocklist2/3, this only works if they invoke their blocklist with
>    if action == edit AND action == comment.
> 
>    Have you changed this behavior on the internal blocklist feature to make
>    it include comment & edit automatically?

Short answer: yes.

Longer answer -- the new internal blocklist feature works as part 
of the standard "update page and history" cycle.  So, anything
that calls HandleEdit invokes the blocklist filter, regardless of
the ?action= being used.

Since commentboxplus.php calls HandleEdit to perform its save, that
means that the blocklist applies to comments.

However, to be on the safe side, the internal blocklist filter
also explicitly calls the blocklist filter whenever ?action=comment.
This is just in case there are any commenting recipes out there that
aren't using HandleEdit() to perform the page update.

Pm




More information about the pmwiki-users mailing list