[Pmwiki-users] Re: hackers: Another good reason for authentication

Patrick R. Michaud pmichaud
Sat Jun 19 04:05:29 CDT 2004


On Sat, Jun 19, 2004 at 12:56:21PM +1200, Robin wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On Saturday 19 June 2004 08:26, Patrick R. Michaud wrote:
> > It still has some minor problems -- if a site url is placed in the
> > whitelist then one can use an '@' to get past the whitelist (e.g.,
> > http://www.pmwiki.org@spamhost.com/).  A future version will disallow
> Can't you just alter the regex to something like (in Perl):
> m(http://[^@/]@*([^@/])/);
> ...only making the first [^@/] non-greedy (which I can't remember how to do 
> right now) so it only expands to swallow all the '@'s, and no further?

It's the trailing slash that was causing me the problem--some people 
write URLs without a trailing slash, as in http://www.pmwiki.org or 
even just www.google.com (e.g., as proposed and implemented in
http://www.pmichaud.com/devel/pmwiki.php/Cookbook/LazyWebLinks).
So the pattern has to somehow say that the next character after the
prefix, if any, must be a slash--as in:

   m(http://www.somehost.org(/|$))

I've now implemented this on pmwiki.org/devel and it seems to work.

Pm
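Added example (not part of the original message and not PmWiki's own code): a Python sketch comparing a bare-prefix whitelist check, the anchored `(/|$)` pattern described above, and an assumed alternative that parses the URL and compares only the host. The whitelist contents, function names and sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed whitelist; the host is the one used in the message's own example.
WHITELIST = ["http://www.pmwiki.org"]

def prefix_match(url):
    """Whitelist entry used as a bare prefix: whatever follows is accepted."""
    return any(re.match(re.escape(p), url) for p in WHITELIST)

def anchored_match(url):
    """Pattern from the message: the prefix, then '/' or end of string."""
    return any(re.match(re.escape(p) + r"(/|$)", url) for p in WHITELIST)

def host_match(url):
    """Assumed alternative: parse the URL and compare only its host part."""
    allowed = {urlsplit(p).hostname for p in WHITELIST}
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and parts.hostname in allowed

def check(url):
    """Run all three checks so their verdicts can be compared side by side."""
    return {"prefix": prefix_match(url),
            "anchored": anchored_match(url),
            "host": host_match(url)}

# Constructed sample URLs: the '@' form from the thread plus ordinary links.
SAMPLES = [
    "http://www.pmwiki.org",                # no trailing slash
    "http://www.pmwiki.org/wiki/Main",      # path after the host
    "http://www.pmwiki.org:80/",            # explicit port
    "http://www.pmwiki.org@spamhost.com/",  # real host is spamhost.com
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, check(url))
```

The anchored pattern and the host comparison both reject the '@' form while accepting the URL with no trailing slash; they differ on the explicit-port form, which the anchored pattern rejects and the host comparison accepts.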


