[pmwiki-users] security documentation for recipes
Peter & Melodye Bowers
pbowers at pobox.com
Wed Mar 5 07:47:49 CST 2008
Thanks, PM. Very helpful.
> UpdatePage() does not check any authorizations -- it simply updates
> the page.
> RetrieveAuthPage takes a number of parameters:
>
> $page = RetrieveAuthPage($pagename, $auth, $prompt, $since);
>
>...
Would it be helpful for other developers (or is it just me?) to have a
simple wrapper as the "official" way to write to a page? Something like
UpdateAuthPage() or something similar? Obviously based on this thread I
will make sure I "follow the rules" from now on to enforce authorizations --
I'm just thinking having an "official" function which self-enforces the auth
would reduce the possibility of problems (whether those problems are caused
by newby-ness or whether they are caused by someone simply forgetting).
On another note, does CondAuth() work as well (in place of the
RetrieveAuthPage() call)? Sometimes I read a page ("read" auth) and then in
the process of working with it realize I need to update the page -- it seems
a shame to re-read it to confirm "edit" auth... I played around with it a
little and it seems to be an effective way to check authorization prior to
writing, but I'd like to confirm from some of you with a bigger picture...
-Peter
PS If CondAuth() does work then UpdateAuthPage() (if that's a good name)
could be as simple as this:
function UpdateAuthPage(...)
{
return (CondAuth(...) && UpdatePage(...));
}
More information about the pmwiki-users
mailing list