[pmwiki-users] read password information leak
Patrick R. Michaud
pmichaud at pobox.com
Mon Mar 7 12:45:15 CST 2005
On Mon, Mar 07, 2005 at 01:31:47PM -0500, Neil Herber wrote:
> > if ($action == 'refcount' && RetrieveAuthPage($pagename, 'admin'))
> > include_once('scripts/refcount.php');
>
> Further wand-waving is required, because the first solution works, but the
> second does not.
>
> I am not sure what RetrieveAuthPage($pagename, 'admin') is doing and
> whether I should be changing 'admin' to some other value.
RetrieveAuthPage is supposed to say retrieve the current page ($pagename)
and require 'admin' access. Once the admin password is entered it should
allow access. Note that you have to do this *after* the admin password
has been set, however, otherwise the default is to be locked.
I'll have to give it a try on pmwiki.org a bit later if this doesn't
resolve it -- it seems like it ought to work.
Pm
More information about the pmwiki-users
mailing list