[pmwiki-users] spam despite edit restriction
Hans
design5 at softflow.co.uk
Sun Nov 26 12:43:21 CST 2006
Sunday, November 26, 2006, 4:59:12 PM, The wrote:
> One way around this is to have some kind of authorization built into
> the recipe that verifies the form submission is authentic. If you are
> interested in using zap's approach I could point you to the
> appropriate lines of code. It works pretty nice and could be
> transported to your recipe. Basically it causes forged headers to be
> ignored.
I would be interested to know how forged headers can be ignored.
> I do have a function that checks the submitters auth level and can be
> set to check the submitter has edit privileges, but that doesn't solve
> the problem I think you mentioned, of things like forums, etc, where
> people might be posting who cannot edit. Also, I suspect you already
> have that built in to your recipe.
PmWiki has a function CondAuth($pagename, 'auth_level')
which can be used for checking privileges, I discovered today.
I added a note to page Pmwiki.Functions
Hans
More information about the pmwiki-users
mailing list