Since the last major upgrade 2008-01-09 Fox was by default open to receive input not just from form controls but also via url parameter input.
I now changed this default, so Fox is by default only accepting input from form submissions (via PHP $_POST). Input from url parameters (via PHP $_GET) can be achieved by setting a new config variable $EnableFoxUrlInput = true; This security measure is in additional to having to set explicitly page posting permissions and authorisation level for page access. Please consider upgrading, any feedback and suggestions are very welcome! ~Hans _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users