[pmwiki-users] read password information leak

Neil Herber nospam at mail.eton.ca
Mon Mar 7 12:10:35 CST 2005


At 2005-03-07  11:51 AM -0600, Patrick R. Michaud is rumored to have said:
>I think that if this much security is needed, then the site admin
>should probably look to limiting access to refcount.php or using a
>farm/field.  That said, I suppose I could write refcount to honor
>the $EnablePageListProtect variable, but this really opens the
>door to some confusing results.

Geez ... I should read first, then type!

Farmconfig now has:

         if ($action == 'refcount') 
include_once("$FarmD/scripts/refcount.php");

So I suspect the solution for me is

         if ($action == 'refcount' and @$_SERVER['REMOTE_USER'] == 'Neil') 
include_once("$FarmD/scripts/refcount.php");

Not sure of the exact syntax ...


Neil

Neil Herber
Corporate info at http://www.eton.ca/
Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
Tel: (613) 829-4668 




More information about the pmwiki-users mailing list