[Pmwiki-users] RSS feeds and secure pages

Patrick R. Michaud pmichaud
Wed Nov 17 08:14:59 CST 2004


On Wed, Nov 17, 2004 at 02:19:53PM +0100, Enrique Pardo wrote:
> How can we make PmWiki RSS feeds more secure?
> Currently if you have a group or a page protected with a password (I'm 
> using the sessionauth script), the RSS feed remains accessible to all.

Sorry, this is a bug in the rss.php script that I (finally) found this
morning.  It's fixed for the next releases of PmWiki 1 + 2, later
today.

The corrected code now honors read password attributes on wikitrail pages
and stops on the trail.  

> - if not, how to implement RSS feeds only for selected groups

This one's easy:  instead of placing the include('scripts/rss.php') line
in your local/config.php file, put it only in the per-group customization
files for the groups you'd like to have it enabled on.  Or you can even
place it in per-page customization files for only those WikiTrail pages
you're willing to allow RSS feeds from.  

For example, to restrict RSS feeds to the pages listed in 
SomeGroup.RecentChanges, place the include('scripts/rss.php') file
only in local/SomeGroup.RecentChanges.php .

Pm



More information about the pmwiki-users mailing list