j.montaldi at gmail.com
Tue Jun 30 23:41:48 CDT 2015
That's worth being aware of - thanks.
(In my case the whole site is protected by an edit password, so I guess
that's not an issue at the moment.)
On 1 July 2015 at 00:27, Randy Brown <randy at brownragfilms.com> wrote:
> Beware: An edit password will not protect everything on a readable page
> that is hidden by (:if false:). This is because an unauthorized user can
> use (:include:) on another page with the lines= option to circumvent your
> If you need something to be well protected, put it on a separate read
> protected page. If you need to see it sometimes on an unprotected page
> depending on a conditional, you can include it from the protected page -
> it will only be visible to users who can read both pages.
> On 2015-06-28 22:53, JamesM wrote:
> > I've been using pmwiki for a few years, and have only just discovered
> > the
> > &action=source thing.
> > Unfortunately, this shows the entire source, including things written
> > after
> > (:if false:), which I use for hiding information (it's on a lecture
> > course
> > website, and I have some stuff hidden from student view).
> > So, how can I disable &action=source?
> > Or better, password protect it.
> > I tried putting
> > $DefaultPasswords['source']=' .... ';
> > into config.php. This works for ['admin'] and ['edit'] but seems to
> > make
> > no difference for ['source'].
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pmwiki-users