[pmwiki-users] Bypassing the AuthUser
DaveG
pmwiki at solidgone.com
Thu Apr 22 17:13:25 CDT 2010
On 4/22/2010 11:56 AM, V.Krishn wrote:
> On Thursday 22 Apr 2010 3:27:53 pm Pierre Reinbold wrote:
>> Hello all,
>>
>> This is my first message to the list and it concerns the possibility to
>> bypass the pmwiki access rights to edit a page in a cookbook. It seems
>> to be possible as cookbooks like Fox, Zap or WikiSH are able to do that.
>>
>> I'm programming a new action handler. As far as I understand the thing,
>> to read a page, I can use RetrieveAuthPage to enforce the access rights
>> restrictions or ReadPage to bypass them.
UpdatePage (and PostPage) both require the old and new versions of the
page. The usual way to get the 'old' (current) version of the page is to
call RetrieveAuthPage. As the developer you can choose how to call
RetrieveAuthPage, thus essentially you can by-pass existing security by
calling RetrieveAuthPage with the lowest authentication parameter ('read').
~ ~ Dave
More information about the pmwiki-users
mailing list