[pmwiki-users] Security Update for Fox recipe

Hans design5 at softflow.co.uk
Fri Feb 15 07:41:38 CST 2008

Since the last major upgrade 2008-01-09 Fox was by default open to
receive input not just from form controls but also via url parameter

I now changed this default, so Fox is by default only accepting
input from form submissions (via PHP $_POST).

Input from url parameters (via PHP $_GET) can be achieved by setting a new
config variable
   $EnableFoxUrlInput = true;

This security measure is in additional to having to set
explicitly page posting permissions and authorisation level for page

Please consider upgrading, any feedback and suggestions are very


More information about the pmwiki-users mailing list