[pmwiki-users] ZAP security vulnerability...
Crisses
crisses at kinhost.org
Tue May 1 19:33:31 CDT 2007
On May 1, 2007, at 8:02 PM, The Editor wrote:
> I won't argue with you on this as PmWiki is your program and you can
> of course decide what is a feature and what is a problem.
> Still--making it possible for a user to impose wiki markup on a page
> (via a template) for which he has no write permissions seems a glaring
> vulnerability to any recipe trying to do anything significant with a
> form. Especially when there's no mechanism for a recipe writer to
> escape markup, or modify in any way how that imposed markup is
> processed.
Hi,
Everyone here is adults.
There's a problem. Fix it. Stop pointing fingers.
Nuff said.
Either you fix it together, or you don't fix it together. That's the
choice given mature people. But pointing fingers is a horrendous
waste of time, and we all only have a finite amount of time. Stop
wasting time. Think, do, fix.
Thanks,
Crisses
More information about the pmwiki-users
mailing list