[pmwiki-users] BUG: Targets w/Dot Allow Editing

Ryan D'Baisse ryan.dbaisse at gmail.com
Mon Aug 1 10:28:34 CDT 2005


Okay, this has GOT to be a bug.  Here's what I have found...
 
-----------------------
 
VERSION:
PmWiki v2.0 Beta 19
 
PROBLEM:
Navigating to non-existing pages freely allow anyone access to the "Edit"
window.  All other pages prompt for password.
 
SYNOPSIS:
A new wiki has a group, "My Friends".  Some of the target pages have a dot
(or period) in the name (i.e. "John P. Smith").  Targets with the dot in the
name cause an invalid link to be rendered.  Selecting that link allows
editing of that page without prompting for passwords.
 
    Example of Target Without Dots:
    * [[My Friends/Joe Blow]]
 
    Example of Resulting Link Without Dots (user prompted for password
before edit):
    http:// <http://<server> <server
name>/pmwiki.php?n=MyFriends.JoeBlow?action=edit
    
    Example of Target WITH Dots:
    * [[My Friends/Joe D. Blow]]
 
    Example of Resulting link WITH Dots (user NOT prompted for password
before edit):
    http:// <http://<server> <server
name>/pmwiki.php?n=JoeD.Blow?action=edit
 
-----------------------
 
Fortunately, I have not gone live with the wiki I am building.  Could
someone please validate this and let me know if it is resolved in a future
build?
 
-- Ryan
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20050801/a70013bd/attachment.html 


More information about the pmwiki-users mailing list