[pmwiki-users] Bypassing the AuthUser

DaveG pmwiki at solidgone.com
Thu Apr 22 17:13:25 CDT 2010



On 4/22/2010 11:56 AM, V.Krishn wrote:
> On Thursday 22 Apr 2010 3:27:53 pm Pierre Reinbold wrote:
>> Hello all,
>>
>> This is my first message to the list and it concerns the possibility to
>> bypass the pmwiki access rights to edit a page in a cookbook. It seems
>> to be possible as cookbooks like Fox, Zap or WikiSH are able to do that.
>>
>> I'm programming a new action handler. As far as I understand the thing,
>> to read a page, I can use RetrieveAuthPage to enforce the access rights
>> restrictions or ReadPage to bypass them.
UpdatePage (and PostPage) both require the old and new versions of the 
page. The usual way to get the 'old' (current) version of the page is to 
call RetrieveAuthPage. As the developer you can choose how to call 
RetrieveAuthPage, thus essentially you can by-pass existing security by 
calling RetrieveAuthPage with the lowest authentication parameter ('read').


  ~ ~ Dave



More information about the pmwiki-users mailing list