[pmwiki-users] RSS Feed + Read Protected Groups
Patrick R. Michaud
pmichaud at pobox.com
Mon Jan 9 20:49:15 CST 2006
On Mon, Jan 09, 2006 at 05:13:38PM -0700, H. Fox wrote:
> On 1/6/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > even if $EnablePageListProtect=0; in local/Eberron.php,
> > it's possible for someone to use that to see the existence of pages
> > in all groups. Essentially someone can then do:
> >
> > .../pmwiki.php/Eberron/RecentChanges?action=rss&trail=Site.AllRecentChanges
>
> Can the trail somehow be restricted? I'm thinking you could do, in
> e.g. Eberron.RecentChanges.php,
>
> if ($action == 'rss') {
> $EnablePageListProtect = 0;
> {the trail} = {this page and not any other page}
> }
if ($action == 'rss') {
$EnablePageListProtect = 0;
$_REQUEST = array('action' => 'rss');
}
Pm
More information about the pmwiki-users
mailing list