[pmwiki-users] Re: stylish liberated authors and css
Patrick R. Michaud
pmichaud at pobox.com
Thu Aug 25 13:08:33 CDT 2005
On Fri, Aug 19, 2005 at 05:09:23PM +0530, V.Krishn wrote:
> actually this should have been:
> $PageCSSListFmt = array(
> '$FarmD/pub/css/local.css' => '$FarmPubDirUrl/css/local.css',
> '$FarmD/pub/css/$Group.css' => '$FarmPubDirUrl/css/$Group.css',
> '$FarmD/pub/css/$FullName.css' => '$FarmPubDirUrl/css/$FullName.css',
>
> 'pub/css/local.css' => '$PubDirUrl/css/local.css',
> 'pub/css/$Group.css' => '$PubDirUrl/css/$Group.css',
> 'pub/css/$FullName.css' => '$PubDirUrl/css/$FullName.css',
>
> 'uploads/local.css' => '$UploadUrlFmt/local.css',
> // I am doubtful about the above one
> uploads/$Group/$Group.css' => '$UploadUrlFmt/$Group/$Group.css',
> 'uploads/$Group/$FullName.css' => '$UploadUrlFmt/$Group/$FullName.css'));
Possibly useful as a local customization or cookbook recipe, but
it's definitely not going into the core distribution.
With the above it is all too easy for a malicious author to do
"Attach:Main.css" and upload a .css file containing
body { display:none; }
which pretty well messes things up until someone who recognizes what's
going on can come along and fix it.
Pm
More information about the pmwiki-users
mailing list