[pmwiki-users] Blocklist-based "redirecting"

Patrick R. Michaud pmichaud at pobox.com
Mon Oct 23 15:55:20 CDT 2006


On Mon, Oct 23, 2006 at 10:48:22PM +0200, kirpi at kirpi.it wrote:
> >Pm:
> >What prevents Jane from bypassing the "contact" link and going
> >directly to the FullContactPage ?
> 
> Right :-(
> Well, mine was a quick example, actually.
> Maybe the FullContactPage itself could be really blocked, so *no*
> access in case you come from a blocklisted IP.

It's not the display of the form that needs to be blocked, 
but rather what is done with the form data when Jane hits the 
submit button.  Even if the form isn't displayed to Jane, she 
can always forge a form locally and use that to send data
to the target server.

> On the whole, I'm trying to figure out how to use the existing pmwiki
> tools to filter out spammers from my forms. 

Where are the results of the form going?  Are they going back
to PmWiki (e.g., a recipe), or are they going to another script 
altogther?

If it's another script, then _that's_ where the blocking needs
to be happening.  If the results of the form are going back to
PmWiki, then yes, it would be possible for local/config.php
or the recipe to make use of PmWiki's built-in blocking features.

Pm




More information about the pmwiki-users mailing list