Really grafeul for your comments about the security, I'm relativrly new to Mediawiki developement, and suspected there maybe problems of this nature, hence making the project beta. Any ideas how this can be recified, I had assumed (obviously incorrectly) that as the editable parts of the extension can only be added by the wiki admin through cpanel then the risk of injection couldn't occur?
Really appreciate any support :)
Many thanks, Lee
ps when I asked an editor for advice on who to contact about this I was advised to ask someone at IRC to review the code, but got a little lost in how to do this. I suppose this will mean adding more code so that only logged in memebers can use the form and that the recipient is a single defined wiki admin? Would this resolve the security issue?