[pmwiki-users] ZAP fix...
The Editor
editor at fast.st
Wed May 2 04:25:14 CDT 2007
A temporary fix has been added to the ZAP recipe to effectivly block
the attack Pm has demonstrated. It should be downloaded by anyone that
has ZAP enabled on one or more pages and one or more openly editable
pages.
A more thorough solution is still forthcoming as there may well be
other capabilities in PmWiki that allow this kind of attack to be
made. Thanks again Pm for exposing this so it could be fixed. I'm
looking forward to your recommendations for a more thorough security
solution.
Cheers,
Dan
More information about the pmwiki-users
mailing list