[pmwiki-users] ZAP security vulnerability...
Patrick R. Michaud
pmichaud at pobox.com
Thu May 3 15:11:44 CDT 2007
On Thu, May 03, 2007 at 09:09:19PM +0100, Hans wrote:
> Thursday, May 3, 2007, 8:55:39 PM, The Editor wrote:
>
> > I don't like the target string approach. I'm not going to use it.
> > What do you do for forums that have multiple pages, created by users
> > automatically?
>
> I use a group.php i.e. local/Forum.php which has a lot of group
> customisations, and includes an entry to the pattern array:
>
> $FoxNameFmt[] = 'Forum.*';
>
> allowing posting to any page in group Forum.
> I could still exempt some pages from this with negative names:
>
> $FoxNameFmt[] = '-Forum.GroupFooter';
>
> So this supplements the permission string check.
> The string check is useful as authors can add it to pages.
> The pattern array is under admin control.
Precisely the approach I'm ending up taking, FWIW.
Pm
More information about the pmwiki-users
mailing list