On 9/2/2011 12:39 PM, Håkan Sandell wrote:
I've sent you a reply off list in reply to you suggestions, and uploaded a fix to github which implements hsc() for user input as you suggested.2011/9/1 Myron Turner<turnermm02@xxxxxxx>:notice that it has a security risk, which I believe was put in place by Sandell.Hakan:Yes, that was meby ACL. I took a look at this and updated the plugin to apply ACL rules to the template pages which it opens. Perhaps Sandell could look at the updated version.I added some minor comments to your GitHub commit, but the security problem is fix now IMHO. /Håkan
Thanks, Myron -- Myron Turner http://mturner.org/ http://mturner.org/fckgLite https://github.com/turnermm -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist