[pmwiki-users] pmform captchas bypassed on thinkhost.com

Hans design5 at softflow.co.uk
Mon Jul 14 10:05:32 CDT 2008

Monday, July 14, 2008, 3:28:29 PM, Patrick R. Michaud wrote:

> I see three possible solutions to this:

> 1.  Make Captcha part of the core, with Site.EditForm preconfigured to
>     display a captcha whenever $EnablePostRequiresCaptcha is set.

> 2.  Leave Captcha as a recipe, but modify the distributed Site.EditForm
>     to display a captcha whenever $EnablePostRequiresCaptcha is set.

> 3.  Provide a Site.EditForm with the Captcha recipe, and instructions
>     to tell an admin how to configure it into the system (this actually
>     may be the status quo).

I don't like any of these, as I don't see the point in a Captcha on
the edit form. Most wikis I guess trust their editors enough not to
require them to input captcha values. Often the edit access is
restricted by password.

I see a value in a captcha on apage with a form, where submitting is
possible by site visitors.

I recommend to advise admins who want to use the Captcha recipe
to add something like this to config.php, for wikis with edit
access restrictions:

$EnablePostCaptchaRequired = 1;
if (CondAuth($pagename,'edit'))
        $EnablePostCaptchaRequired = 0;


More information about the pmwiki-users mailing list