[pmwiki-users] &action=source

JamesM j.montaldi at gmail.com
Tue Jun 30 23:41:48 CDT 2015


That's worth being aware of - thanks.
(In my case the whole site is protected by an edit password, so I guess
that's not an issue at the moment.)

James


On 1 July 2015 at 00:27, Randy Brown <randy at brownragfilms.com> wrote:

> Beware: An edit password will not protect everything on a readable page
> that is hidden by (:if false:). This is because an unauthorized user can
> use (:include:) on another page with the lines= option to circumvent your
> conditional.
>
> If you need something to be well protected, put it on a separate read
> protected page. If you need to see it sometimes on an unprotected page
> depending on a conditional, you can include it from the protected  page -
> it will only be visible to users who can read both pages.
>
> Randy
>
> On 2015-06-28 22:53, JamesM wrote:
> > I've been using pmwiki for a few years, and have only just discovered
> > the
> > &action=source thing.
> > Unfortunately, this shows the entire source, including things written
> > after
> > (:if false:), which I use for hiding information (it's on a lecture
> > course
> > website, and I have some stuff hidden from student view).
> >
> > So, how can I disable &action=source?
> > Or better, password protect it.
> >
> > I tried putting
> > $DefaultPasswords['source']=' .... ';
> > into config.php.  This works for ['admin'] and ['edit'] but seems to
> > make
> > no difference for ['source'].
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20150701/9ec5718b/attachment.html>


More information about the pmwiki-users mailing list