[pmwiki-users] security documentation for recipes

Peter & Melodye Bowers pbowers at pobox.com
Wed Mar 5 07:47:49 CST 2008

Thanks, PM.  Very helpful.

> UpdatePage() does not check any authorizations -- it simply updates
> the page.

> RetrieveAuthPage takes a number of parameters:
>     $page = RetrieveAuthPage($pagename, $auth, $prompt, $since);

Would it be helpful for other developers (or is it just me?) to have a
simple wrapper as the "official" way to write to a page?  Something like
UpdateAuthPage() or something similar?  Obviously based on this thread I
will make sure I "follow the rules" from now on to enforce authorizations --
I'm just thinking having an "official" function which self-enforces the auth
would reduce the possibility of problems (whether those problems are caused
by newby-ness or whether they are caused by someone simply forgetting).

On another note, does CondAuth() work as well (in place of the
RetrieveAuthPage() call)?  Sometimes I read a page ("read" auth) and then in
the process of working with it realize I need to update the page -- it seems
a shame to re-read it to confirm "edit" auth...  I played around with it a
little and it seems to be an effective way to check authorization prior to
writing, but I'd like to confirm from some of you with a bigger picture...


PS If CondAuth() does work then UpdateAuthPage() (if that's a good name)
could be as simple as this:

function UpdateAuthPage(...)
	return (CondAuth(...) && UpdatePage(...));

More information about the pmwiki-users mailing list