[pmwiki-users] security documentation for recipes

Hans design5 at softflow.co.uk
Tue Mar 4 03:39:22 CST 2008


Tuesday, March 4, 2008, 7:35:27 AM, Peter & Melodye Bowers wrote:

> My understanding has been that as long as I go through the
> RetrieveAuthPage() and UpdatePage() functions for ALL page-reading &
> page-writing operations that they will enforce pmwiki authorizations &
> security on my behalf.  Is that accurate?  Or do I need to check certain
> authorizations explicitly?

You need to ensure that when using RetrieveAuthPage an appropriate
access level is provided as the second parameter.

If you use a custom action, say action=shell, you can pass an
authorisation level to the Handle function with for instance:

$HandleAuth['shell'] = 'admin';

$HandleActions['shell'] = HandleWikiShell';

function HandleWikiShell($pagename, $auth) {
......
$page = RetrieveAuthPage($somepage, $auth, true, READPAGE_CURRENT);
.....
}


  ~Hans




More information about the pmwiki-users mailing list