[pmwiki-users] PmForm (Mailform) questions
blues
blues4u at supereva.it
Thu Jun 14 03:42:27 CDT 2007
On Wed, 13 Jun 2007 17:14:13 +0300, Patrick R. Michaud
<pmichaud at pobox.com> wrote:
> On Wed, Jun 13, 2007 at 04:26:04PM +0300, blues wrote:
>> On Wed, 13 Jun 2007 13:06:04 +0300, Patrick R. Michaud
>> <pmichaud at pobox.com> wrote:
>> > Always sending from a fixed address can be done a variety of ways...
>> > the easiest is to set the 'from' field in the configuration:
>> >
>> > $PmForm['mailform'] =
>> > 'mailto=someone at example.com from=pmwiki at server.com
>> > form=#mailform fmt=#mailpost';
>>
>> going out from the thread, i wanted to ask a side-question.
>> is it possible to specify the configuration (form=, fmt= etc.)
>> directly on the (:pmform:) markup? ala pagelist, somehow.
>> that way it would be easier to configure, without messing
>> with the php scripts.
>
> One can specify the form= paramter within the (:pmform:) markup,
> but specifying fmt= or mailto= within (:pmform:) is generally
> disallowed as a potential security risk, as it would allow
> authors to send mail to arbitrary places or post data.
in the case of the mailform, yes, but that is not the only thing
pmform can do.
> Eventually there will be a SiteAdmin.PmFormConfig page where an
> administrator can specify the configuration without needing the
> php scripts. And I may provide an option to relax the restriction
> on (:pmform:) for sites that aren't concerned about security
> issues. But the default will generally be that certain parameters
> can only be specified in the configuration itself.
the SiteAdmin.PmFormConfig page solution is very nice, i think. :)
keep up the great work.
blues
More information about the pmwiki-users
mailing list