[pmwiki-users] Security/information leak in PmWIki
Neil Herber
nospam at mail.eton.ca
Thu Feb 17 16:37:42 CST 2005
At 2005-02-17 04:02 PM -0600, Patrick R. Michaud is rumored to have said:
> > One unexpected side effect of this code is that the (:pagelist:) markup no
> > longer lists the Private pages. That is fine outside the Private group,
> but
> > it would be convenient if it worked inside the Private group. Not a show
> > stopper, and much better than having the names exposed.
>
>Change your config.php to read:
>
> if (strncmp($pagename, 'Private.', 8) != 0) {
> $SearchPatterns['default'][] = '!^Private\.!';
> $SearchPatterns['all'][] = '!^Private\.!';
> $SearchPatterns['normal'][] = '!^Private\.!';
> }
>
>This excludes the Private group from searches only if you're not
>already in the Private group. :-)
This *almost* works. If I put the markup (:pagelist group=Private:) on the
Private.HomePage and click preview, the page list appears in the preview.
But when I save the page, the page list does not appear!
I have another related request: What markup do I put on a Private group
page to make a search box that searches the Private group?
Neil
Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668
More information about the pmwiki-users
mailing list