[pmwiki-users] HandleAuth for action diag

Patrick R. Michaud pmichaud at pobox.com
Tue Sep 2 15:36:11 CDT 2008


On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:
> I tried to limit access to the information given by the action=diag to
> authorized users by setting $HandleAuth['diag']='admin' in the way [1]
> suggests, but that did not work. Can anybody give me a hint why this
> fails? I'm using 2.2.0-beta68.

Short answer:  ?action=diag isn't a normal action -- it's handled 
specially by the diagnostic script and doesn't make use of PmWiki's
authorization mechanisms.

Longer answer:  One of the principal uses for ?action=diag is to
troubleshoot the authorization system itself, and it's hard to
do that if ?action=diag relies on a working authorization system.

Still, this question comes up frequently enough that I think
I may switch ?action=diag to use the normal mechanism, or to
explicitly check for $HandleAuth['diag'] being set and perform
an authorization check when that's the case.

Thanks!

Pm


