[pmwiki-users] Alternate authorization levels for $EnableDiag actions

Guillermo Calderon - INCO calderon at fing.edu.uy
Thu Jun 28 11:52:44 CDT 2007


H. Fox wrote:
> I would like to enable the diagnostic actions, but only for
> edit-authorized visitors to the site.  I tried
> 
>    ## Enable remote diagnostics (?action=diag and ?action=phpinfo).
>    $EnableDiag = 1;
>    $HandleAuth['diag'] = 'edit';
>    $HandleAuth['phpinfo'] = 'edit';
> 
> in a configuration file, but the diagnostic actions are still
> available to a plain old read-authorized visitor.  How can I achieve
> the desired effect?
> 

I think the problem is in the file scripts/diag.php

This file contains the following piece of code:

   if ($action=='diag') {
     @session_start();
     header('Content-type: text/plain');
     print_r($GLOBALS);
     exit();
   }

There is no test for permissions there.

You have to modify this file in order to fix this problem.
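
An alternative to patching scripts/diag.php, shown here as an added example that is not part of the original post and is not PmWiki's own code: gate $EnableDiag itself in local/config.php, so the diagnostic script is never switched on for a visitor without edit rights. It assumes that diag.php is only loaded when $EnableDiag is set, that any authentication setup (passwords, authuser.php) appears earlier in the config file, and that $pagename still has to be resolved at this point.

```php
<?php if (!defined('PmWiki')) exit();
## local/config.php fragment (added example, not PmWiki's own code).
## The diag.php code quoted above acts on ?action=diag directly and exits,
## so $HandleAuth['diag'] is never consulted. The permission test therefore
## has to run before $EnableDiag is turned on.

$DiagActions = array('diag', 'phpinfo');  # the two actions named in the thread

if (in_array($action, $DiagActions)) {
  # Assumption: the page name has not been resolved yet at config time.
  $pagename = ResolvePageName($pagename);

  # Third argument false: do not show a password prompt, just return
  # false when the visitor lacks 'edit' on this page.
  # READPAGE_CURRENT skips loading the page history.
  $page = RetrieveAuthPage($pagename, 'edit', false, READPAGE_CURRENT);

  if ($page) {
    # Edit-authorized visitor: enable remote diagnostics for this request.
    $EnableDiag = 1;
  }
  # Otherwise $EnableDiag stays unset and the diagnostic actions remain off.
}
```

With this in place the unconditional `$EnableDiag = 1;` line and the two `$HandleAuth` entries from the question should be removed, since the first would re-enable the actions for everyone and the others have no effect on the quoted code.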
