[pmwiki-users] 2.2.0-beta65 and InitialPasswords
Aaron
abeals at gmail.com
Tue Feb 12 23:50:33 CST 2008
I recently installed 2.2.0-beta65 and have been having great luck with it.
However, I uncovered some funniness tonight with regards to the information
in the InitialPasswords page (
http://www.pmwiki.org/wiki/PmWiki/InitialPasswords).
>From the page: "2. The change page attributes action is locked for the Main,
PmWiki, SiteAdmin, and Site workgroups."
Actually, I just ran a test using a new browser (IE, which I never use) and
found that without specifying a password, I can muck around with the attr
action on any page in Main and PmWiki. SiteAdmin and Site seem to be
properly locked off.
Also from the page: "The default SideBar is Site.SideBar and is locked for
editing by default."
Looking at the attr's for the page, it appears that Site.SideBar is covered
by @_site_edit, but in the default installation, this password is not set,
so anyone can edit the SideBar.
Obviously, these are easily solvable problems on my end as a site admin, but
I wanted to send the feedback so that either the code could be changed or
the InitialPasswords page changed to reflect the behavior of 2.2.0. [Full
disclosure: I haven't tested 2.1.27, so I don't know if the behavior
described in InitialPasswords is correct for that version.]
-Aaron
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20080213/42046be8/attachment.html
More information about the pmwiki-users
mailing list