On Wed, 13 Jun 2007 17:14:13 +0300, Patrick R. Michaud <[EMAIL PROTECTED]> wrote: > On Wed, Jun 13, 2007 at 04:26:04PM +0300, blues wrote: >> On Wed, 13 Jun 2007 13:06:04 +0300, Patrick R. Michaud >> <[EMAIL PROTECTED]> wrote: >> > Always sending from a fixed address can be done a variety of ways... >> > the easiest is to set the 'from' field in the configuration: >> > >> > $PmForm['mailform'] = >> > '[EMAIL PROTECTED] [EMAIL PROTECTED] >> > form=#mailform fmt=#mailpost'; >> >> going out from the thread, i wanted to ask a side-question. >> is it possible to specify the configuration (form=, fmt= etc.) >> directly on the (:pmform:) markup? ala pagelist, somehow. >> that way it would be easier to configure, without messing >> with the php scripts. > > One can specify the form= paramter within the (:pmform:) markup, > but specifying fmt= or mailto= within (:pmform:) is generally > disallowed as a potential security risk, as it would allow > authors to send mail to arbitrary places or post data.
in the case of the mailform, yes, but that is not the only thing pmform can do. > Eventually there will be a SiteAdmin.PmFormConfig page where an > administrator can specify the configuration without needing the > php scripts. And I may provide an option to relax the restriction > on (:pmform:) for sites that aren't concerned about security > issues. But the default will generally be that certain parameters > can only be specified in the configuration itself. the SiteAdmin.PmFormConfig page solution is very nice, i think. :) keep up the great work. blues _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
