[pmwiki-users] Alternate authorization levels for $EnableDiag actions
Guillermo Calderon - INCO
calderon at fing.edu.uy
Thu Jun 28 11:52:44 CDT 2007
H. Fox wrote:
> I would like to enable the diagnostic actions, but only for
> edit-authorized visitors to the site. I tried
>
> ## Enable remote diagnostics (?action=diag and ?action=phpinfo).
> $EnableDiag = 1;
> $HandleAuth['diag'] = 'edit';
> $HandleAuth['phpinfo'] = 'edit';
>
> in a configuration file, but the diagnostic actions are still
> available to a plain old read-authorized visitor. How can I achieve
> the desired effect?
>
I think the problem is in the file scripts/diag.php
This file contains the following piece of code:
    if ($action=='diag') {
      @session_start();
      header('Content-type: text/plain');
      print_r($GLOBALS);
      exit();
    }
There is no test for permissions there.
You have to modify this file in order to fix this problem.
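
One way to get the effect asked for above without editing scripts/diag.php, as an added example that is not from this thread or from PmWiki's own code: leave $EnableDiag off and register password-checked actions in local/config.php. The action names authdiag and authphpinfo and the function HandleAuthDiag are hypothetical, and the sketch assumes PmWiki's dispatcher passes $HandleAuth[$action] to the handler as its second argument.

```php
<?php if (!defined('PmWiki')) exit();
// Added example for local/config.php; not PmWiki's own code.

// Keep the built-in handler off: it runs with no permission test.
$EnableDiag = 0;

// Hypothetical action names, chosen so they cannot collide with the
// built-in ?action=diag and ?action=phpinfo.
$HandleActions['authdiag']    = 'HandleAuthDiag';
$HandleActions['authphpinfo'] = 'HandleAuthDiag';
$HandleAuth['authdiag']       = 'edit';
$HandleAuth['authphpinfo']    = 'edit';

// One handler for both actions (hypothetical function name).
function HandleAuthDiag($pagename, $auth = 'edit') {
  global $action;

  // RetrieveAuthPage() returns false when the visitor does not hold
  // $auth on this page; passing true prompts for a password first.
  $page = RetrieveAuthPage($pagename, $auth, true);
  if (!$page) Abort('?not authorized for diagnostic actions');

  if ($action == 'authphpinfo') {
    phpinfo();
    exit();
  }

  // Same output as the snippet quoted from scripts/diag.php,
  // now reached only after the permission test above.
  @session_start();
  header('Content-type: text/plain');
  print_r($GLOBALS);
  exit();
}
```

The dump of $GLOBALS includes the wiki's configuration variables, so setting both $HandleAuth entries to 'admin' instead of 'edit' narrows who can read them.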