[pmwiki-users] ZAP default settings question...

The Editor editor at fast.st
Thu Mar 15 08:44:17 CDT 2007


Just a note--I've been able to get the new Site.ZAPconfig page working
as far as I can tell, both in enabling modules and in retrieving
default values.  Very cool.  It makes creating ZAPextensions even
easier...

I have two variables however I'm inclined to leave as SDV var's and
force them to be set in a regular config page, rather than the wiki:

ZAPphp = substr,strpos,time,date
ZAPmath = /^[-+*/% ()0-9.]+$/

The first is a CSV list of which php commands can be processed by ZAP
and the second  tells which characters can be evaluated by the math
command.  I'm not sure how much more vulnerable a wiki page is to a
config file, but perhaps these two default settings should be avoided?

And while on the subject, I would really be open to a list of php
commands others might find useful to perform on form values. The four
I picked were really just randomly selected for testing purposes.  Now
would be a good time to put in a request for your favorite php
functions!

Cheers,
Dan



More information about the pmwiki-users mailing list