Monday, May 10, 2010, 12:50:08 AM, Tegan wrote: > Am I right in thinking that it would not be a problem, in practice, > in a wiki that was 'locked down' for editing by only a trusted few > -- i.e. that one must have edit access to at least one page of the > site in order to insert the malicious code?
Apart from having edit permissions users may be able to post content via add-ons like CommentBox. Posting simple table markup as part of a comment may well be possible. So I think it would be prudent to upgrade any wiki which uses recipes to enable user content input of any kind (comment forms, other forms, calendar event input etc). Hans _______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
