Emiliano Gabrielli wrote: | The following code will assure that, if the HTML generated by elog would be modified by hand by a malicious user the server can still preset the author field with the right $long_name? |
Ok, you're right. But that requires quite some knowledge to change the generated HTML by hand. So for paranoiac people the "Subst" might be better. Actually you could have both the "Preset on Reply" and the "Subst on Reply", so on the reply entry form one sees already the correct author. |