[pmwiki-users] PmWiki 2.1.24 released (improvements to AuthUser)

George gdb at soundchasers.com
Wed Sep 6 22:55:39 CDT 2006


I'm unable to get the analyzer page to work.  I set up the module, set 
up my key, and enter everything in the form, but the page keeps telling 
me the module is missing.  Oddly enough, if I manually enter:


In my browser, my site comes back with a bunch of information about the 
current configuration (which, itself answers my question -- the PHP 
version is 4.4.4 -- which should be safe).

Just thought you'd like to know that I think the Analyzer page is broken. :)

// George

Patrick R. Michaud wrote:
> I've just released version 2.1.24 of PmWiki, now available from
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.24.tgz
>     http://www.pmwiki.org/pub/pmwiki/pmwiki-2.1.24.zip
>     http://www.sourceforge.net/projects/pmwiki
>     svn://pmwiki.org/pmwiki/tags/latest
> There have been a quite a few releases in the last couple of days,
> addressing a variety of bugs and adding some features, so I'll try
> to summarize some of them here.
> For those who haven't heard already, some installations of PmWiki
> prior to version 2.1.21 may be susceptible to a botnet exploit
> that has been found "in the wild".  Sites that have PHP's 
> register_globals feature turned off are not vulnerable.  Reportedly
> PHP versions later than 4.4.3 and 5.1.4 are not vulnerable either.
> We've put together a "site analyzer" tool at 
> http://www.pmwiki.org/wiki/PmWiki/SiteAnalyzer that can be used
> to determine if a site is vulnerable to this latest exploit, as
> well as make other recommendations regarding site configuration.
> Over time we'll be adding more features to the site analyzer, so
> be sure to check back periodically to see if new features have been
> added.  (I'll also announce important updates to the site 
> analyzer on the mailing lists.)
> The 2.1.24 release of PmWiki adds some long-requested capabilites 
> to authuser.php.  First, it fixes a couple of minor configuration
> difficulties.  More importantly, AuthUser now has the ability to 
> read and parse Apache ".htgroup" files, and to set group 
> memberships from within local/config.php .
> To specify a .htgroup file from local/config.php, use:
>     $AuthUser['htgroup'] = '/path/to/.htgroup';
> To specify a .htgroup file from Site.AuthUser, use:
>     htgroup: /path/to/.htgroup
> These are essentially the same mechanisms used for specifying
> .htpasswd files.
> To define authorization groups in local/config.php:
>     $AuthUser['@editors'] = array('alice', 'bob');
>     $AuthUser['@admins'] = array('alice', 'dave', 'bob');
> -----
> Questions and feedback welcomed as always.  Don't forget to
> add your site to our Frappr! map, at http://www.frappr.com/pmwiki .
> Thanks,
> Pm
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users

More information about the pmwiki-users mailing list