[pmwiki-users] HandleAuth for action diag
Simon
nzskiwi at gmail.com
Wed Sep 3 04:37:37 CDT 2008
As a general principle I think all actions should check the normal
mechanism,perhaps this is the problem I am having with ?action=approvesites
Simon
2008/9/3 Patrick R. Michaud <pmichaud at pobox.com>
> On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:
> > I tried to limit access to the information given by the action=diag to
> > authorized users by setting $HandleAuth['diag']='admin' in the way [1]
> > suggests, but that did not work. Can anybody give me a hint why this
> > fails? I'm using 2.2.0-beta68.
>
> Short answer: ?action=diag isn't a normal action -- it's handled
> specially by the diagnostic script and doesn't make use of PmWiki's
> authorization mechanisms.
>
> Longer answer: One of the principal uses for ?action=diag is to
> troubleshoot the authorization system itself, and it's hard to
> do that if ?action=diag relies on a working authorization system.
>
> Still, this question comes up frequently enough that I think
> I may switch ?action=diag to use the normal mechanism, or to
> explicitly check for $HandleAuth['diag'] being set and perform
> an authorization check when that's the case.
>
> Thanks!
>
> Pm
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
--
http://kiwiwiki.co.nz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080903/cad9cf0f/attachment-0001.html
More information about the pmwiki-users
mailing list