[pmwiki-users] Security Update for Fox recipe
Hans
design5 at softflow.co.uk
Fri Feb 15 07:41:38 CST 2008
Since the last major upgrade 2008-01-09 Fox was by default open to
receive input not just from form controls but also via url parameter
input.
I now changed this default, so Fox is by default only accepting
input from form submissions (via PHP $_POST).
Input from url parameters (via PHP $_GET) can be achieved by setting a new
config variable
$EnableFoxUrlInput = true;
This security measure is in additional to having to set
explicitly page posting permissions and authorisation level for page
access.
Please consider upgrading, any feedback and suggestions are very
welcome!
~Hans
More information about the pmwiki-users
mailing list