Hi Dan,
> Here's the code at zapsite to give you an idea how zap's conditional's
> work:
>
> http://www.fast.st/zap/pmwiki.php?n=Snippets.Create
Yes, that's where I started from originally. You can break it by entering
a group name, "Files.a b c" results in:
Form submitted. Page Files.Files.a b c has been created.
You won't see that page name in the pagelist, because it's an illegal page
name, but I think it will be in the filesystem (potential for exploits?).
This problem was easier for me to spot because I had modified your snippet
to prefix the entered page name with a fixed group. That's where it
breaks.
> Just add something like
>
> (:zap passdata="fieldname" formname:)
That works perfectly, thank you
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
