[pmwiki-users] RSS Feed + Read Protected Groups

Patrick R. Michaud pmichaud at pobox.com
Mon Jan 9 20:49:15 CST 2006


On Mon, Jan 09, 2006 at 05:13:38PM -0700, H. Fox wrote:
> On 1/6/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> > even if $EnablePageListProtect=0; in local/Eberron.php,
> > it's possible for someone to use that to see the existence of pages
> > in all groups.  Essentially someone can then do:
> >
> >   .../pmwiki.php/Eberron/RecentChanges?action=rss&trail=Site.AllRecentChanges
> 
> Can the trail somehow be restricted?  I'm thinking you could do, in
> e.g. Eberron.RecentChanges.php,
> 
> if ($action == 'rss') {
>  $EnablePageListProtect = 0;
>  {the trail} = {this page and not any other page}
> }

if ($action == 'rss') {
  $EnablePageListProtect = 0;
  $_REQUEST = array('action' => 'rss');
}

Pm




More information about the pmwiki-users mailing list