[pmwiki-users] $HandleAuth['crypt'] = 'edit' not working ?
Patrick R. Michaud
pmichaud at pobox.com
Sat Mar 1 15:38:35 CST 2008
On Sat, Mar 01, 2008 at 09:53:56PM +0100, Christophe David wrote:
> Could someone please try if the following line works as expected ?
>
> $HandleAuth['crypt'] = 'edit';
>
> Even with this line in config.php, users seem to be able to use
> action=crypt even when they have no "edit" rights.
The ?action=crypt is handled somewhat specially, in that it
doesn't bother to check permissions on any page before being
able to run it. There didn't seem to be much point in
limiting authorization for it, as it's not really information
that needs protecting (afaict).
That said, if we really feel that it needs authorization
controls, I can add it easily enough.
Pm
More information about the pmwiki-users
mailing list