[pmwiki-users] ZAP security vulnerability...

Patrick R. Michaud pmichaud at pobox.com
Thu May 3 15:11:44 CDT 2007


On Thu, May 03, 2007 at 09:09:19PM +0100, Hans wrote:
> Thursday, May 3, 2007, 8:55:39 PM, The Editor wrote:
> 
> > I don't like the target string approach.  I'm not going to use it.
> > What do you do for forums that have multiple pages, created by users
> > automatically?
> 
> I use a group.php i.e. local/Forum.php which has  a lot of group
> customisations, and includes an entry to the pattern array:
> 
> $FoxNameFmt[] = 'Forum.*';
> 
> allowing posting to any page in group Forum.
> I could still exempt some pages from this with negative names:
> 
> $FoxNameFmt[] = '-Forum.GroupFooter';
> 
> So this supplements the permission string check.
> The string check is useful as authors can add it to pages.
> The pattern array is under admin control.

Precisely the approach I'm ending up taking, FWIW.

Pm



More information about the pmwiki-users mailing list