[pmwiki-users] Security Update for Fox recipe

Hans design5 at softflow.co.uk
Fri Feb 15 07:41:38 CST 2008


Since the last major upgrade 2008-01-09 Fox was by default open to
receive input not just from form controls but also via url parameter
input.

I now changed this default, so Fox is by default only accepting
input from form submissions (via PHP $_POST).

Input from url parameters (via PHP $_GET) can be achieved by setting a new
config variable
   $EnableFoxUrlInput = true;

This security measure is in additional to having to set
explicitly page posting permissions and authorisation level for page
access.

Please consider upgrading, any feedback and suggestions are very
welcome!


  ~Hans   




More information about the pmwiki-users mailing list