[pmwiki-users] ZAP security vulnerability...

Hans design5 at softflow.co.uk
Thu May 3 15:09:19 CDT 2007


Thursday, May 3, 2007, 8:55:39 PM, The Editor wrote:

> I don't like the target string approach.  I'm not going to use it.
> What do you do for forums that have multiple pages, created by users
> automatically?

I use a group.php i.e. local/Forum.php which has  a lot of group
customisations, and includes an entry to the pattern array:

$FoxNameFmt[] = 'Forum.*';

allowing posting to any page in group Forum.
I could still exempt some pages from this with negative names:

$FoxNameFmt[] = '-Forum.GroupFooter';

So this supplements the permission string check.
The string check is useful as authors can add it to pages.
The pattern array is under admin control.


  ~Hans




More information about the pmwiki-users mailing list