[pmwiki-users] 2.2.0-beta65 and InitialPasswords

[Aaron]

I recently installed 2.2.0-beta65 and have been having great luck with it.
However, I uncovered some funniness tonight with regards to the information
in the InitialPasswords page (
http://www.pmwiki.org/wiki/PmWiki/InitialPasswords).

>From the page: "2. The change page attributes action is locked for the Main,
PmWiki, SiteAdmin, and Site workgroups."

Actually, I just ran a test using a new browser (IE, which I never use) and
found that without specifying a password, I can muck around with the attr
action on any page in Main and PmWiki.  SiteAdmin and Site seem to be
properly locked off.

Also from the page: "The default SideBar is Site.SideBar and is locked for
editing by default."

Looking at the attr's for the page, it appears that Site.SideBar is covered
by @_site_edit, but in the default installation, this password is not set,
so anyone can edit the SideBar.

Obviously, these are easily solvable problems on my end as a site admin, but
I wanted to send the feedback so that either the code could be changed or
the InitialPasswords page changed to reflect the behavior of 2.2.0.  [Full
disclosure: I haven't tested 2.1.27, so I don't know if the behavior
described in InitialPasswords is correct for that version.]

-Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20080213/42046be8/attachment.html