<div dir="ltr">As a general principle I think all actions should check the normal mechanism,<div>perhaps this is the problem I am having with ?action=approvesites</div><div>Simon<br><br><div class="gmail_quote">2008/9/3 Patrick R. Michaud <span dir="ltr"><<a href="mailto:pmichaud@pobox.com">pmichaud@pobox.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="Ih2E3d">On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:<br>
> I tried to limit access to the information given by the action=diag to<br>
> authorized users by setting $HandleAuth['diag']='admin' in the way [1]<br>
> suggests, but that did not work. Can anybody give me a hint why this<br>
> fails? I'm using 2.2.0-beta68.<br>
<br>
</div>Short answer: ?action=diag isn't a normal action -- it's handled<br>
specially by the diagnostic script and doesn't make use of PmWiki's<br>
authorization mechanisms.<br>
<br>
Longer answer: One of the principal uses for ?action=diag is to<br>
troubleshoot the authorization system itself, and it's hard to<br>
do that if ?action=diag relies on a working authorization system.<br>
<br>
Still, this question comes up frequently enough that I think<br>
I may switch ?action=diag to use the normal mechanism, or to<br>
explicitly check for $HandleAuth['diag'] being set and perform<br>
an authorization check when that's the case.<br>
<br>
Thanks!<br>
<font color="#888888"><br>
Pm<br>
</font><div><div></div><div class="Wj3C7c"><br>
_______________________________________________<br>
pmwiki-users mailing list<br>
<a href="mailto:pmwiki-users@pmichaud.com">pmwiki-users@pmichaud.com</a><br>
<a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" target="_blank">http://www.pmichaud.com/mailman/listinfo/pmwiki-users</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><br><a href="http://kiwiwiki.co.nz">http://kiwiwiki.co.nz</a><br>
</div></div>