[pmwiki-users] BUG: Targets w/Dot Allow Editing
Ryan D'Baisse
ryan.dbaisse at gmail.com
Mon Aug 1 10:28:34 CDT 2005
Okay, this has GOT to be a bug. Here's what I have found...
-----------------------
VERSION:
PmWiki v2.0 Beta 19
PROBLEM:
Navigating to non-existing pages freely allow anyone access to the "Edit"
window. All other pages prompt for password.
SYNOPSIS:
A new wiki has a group, "My Friends". Some of the target pages have a dot
(or period) in the name (i.e. "John P. Smith"). Targets with the dot in the
name cause an invalid link to be rendered. Selecting that link allows
editing of that page without prompting for passwords.
Example of Target Without Dots:
* [[My Friends/Joe Blow]]
Example of Resulting Link Without Dots (user prompted for password
before edit):
http:// <http://<server> <server
name>/pmwiki.php?n=MyFriends.JoeBlow?action=edit
Example of Target WITH Dots:
* [[My Friends/Joe D. Blow]]
Example of Resulting link WITH Dots (user NOT prompted for password
before edit):
http:// <http://<server> <server
name>/pmwiki.php?n=JoeD.Blow?action=edit
-----------------------
Fortunately, I have not gone live with the wiki I am building. Could
someone please validate this and let me know if it is resolved in a future
build?
-- Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20050801/a70013bd/attachment.html
More information about the pmwiki-users
mailing list