[pmwiki-users] PmWiki 2.1.24 released (improvements to AuthUser)

Patrick R. Michaud pmichaud at pobox.com
Wed Sep 6 17:07:40 CDT 2006

I've just released version 2.1.24 of PmWiki, now available from


There have been a quite a few releases in the last couple of days,
addressing a variety of bugs and adding some features, so I'll try
to summarize some of them here.

For those who haven't heard already, some installations of PmWiki
prior to version 2.1.21 may be susceptible to a botnet exploit
that has been found "in the wild".  Sites that have PHP's 
register_globals feature turned off are not vulnerable.  Reportedly
PHP versions later than 4.4.3 and 5.1.4 are not vulnerable either.

We've put together a "site analyzer" tool at 
http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer that can be used
to determine if a site is vulnerable to this latest exploit, as
well as make other recommendations regarding site configuration.
Over time we'll be adding more features to the site analyzer, so
be sure to check back periodically to see if new features have been
added.  (I'll also announce important updates to the site 
analyzer on the mailing lists.)

The 2.1.24 release of PmWiki adds some long-requested capabilites 
to authuser.php.  First, it fixes a couple of minor configuration
difficulties.  More importantly, AuthUser now has the ability to 
read and parse Apache ".htgroup" files, and to set group 
memberships from within local/config.php .

To specify a .htgroup file from local/config.php, use:

    $AuthUser['htgroup'] = '/path/to/.htgroup';

To specify a .htgroup file from Site.AuthUser, use:

    htgroup: /path/to/.htgroup

These are essentially the same mechanisms used for specifying
.htpasswd files.

To define authorization groups in local/config.php:

    $AuthUser['@editors'] = array('alice', 'bob');
    $AuthUser['@admins'] = array('alice', 'dave', 'bob');


Questions and feedback welcomed as always.  Don't forget to
add your site to our Frappr! map, at http://www.frappr.com/pmwiki .



More information about the pmwiki-users mailing list