[Pmwiki-users] Small Change: Password protection for "action=diff"
Benedikt Hochstrasser
bhoc
Sun Jun 13 15:02:59 CDT 2004
>As opposed to adding a new password type just for diff (yet another
>password to remember!), I will probably change pagerev.php to use
>the variable $DiffPasswordLevel, with the default being "read".
>If someone wants to prevent the public from viewing diffs they can
>change $DiffPasswordLevel to "edit", which means that only those who
>have edit privileges can see the page history.
The initial intention was: "do I or don't I protect access to page revisions". A normal person would a) leave it unset or b) copy the "read" password line in config.php.
Of course I leave the implementation to you - you're the master of disaster, so to speak. :-)
>BTW, in existing versions of PmWiki one can already password-protect
>the diff function using the 'edit' password--add the following to
>config.php (assuming the page doesn't require a different read
>password):
>
> if ($action=='diff') {
> $page = RetrieveAuthPage($pagename,'edit');
> if (!$page) Abort("?cannot diff $pagename");
> }
Thanks for the hint. This will at least preserve the modification to future versions. I'm always a bit shy of modificating the source itself - not because out of fear to destroy
something, but rather out of fear I'd forget where exactly I did my zillion modifications. ;-)
--
Ben
More information about the pmwiki-users
mailing list