[pmwiki-users] HandleAuth for action diag
nzskiwi at gmail.com
Wed Sep 3 04:37:37 CDT 2008
As a general principle I think all actions should check the normal
mechanism,perhaps this is the problem I am having with ?action=approvesites
2008/9/3 Patrick R. Michaud <pmichaud at pobox.com>
> On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:
> > I tried to limit access to the information given by the action=diag to
> > authorized users by setting $HandleAuth['diag']='admin' in the way 
> > suggests, but that did not work. Can anybody give me a hint why this
> > fails? I'm using 2.2.0-beta68.
> Short answer: ?action=diag isn't a normal action -- it's handled
> specially by the diagnostic script and doesn't make use of PmWiki's
> authorization mechanisms.
> Longer answer: One of the principal uses for ?action=diag is to
> troubleshoot the authorization system itself, and it's hard to
> do that if ?action=diag relies on a working authorization system.
> Still, this question comes up frequently enough that I think
> I may switch ?action=diag to use the normal mechanism, or to
> explicitly check for $HandleAuth['diag'] being set and perform
> an authorization check when that's the case.
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the pmwiki-users