[Pmwiki-users] Small Change: Password protection for "action=diff"

Benedikt Hochstrasser bhoc
Sun Jun 13 15:02:59 CDT 2004


>As opposed to adding a new password type just for diff (yet another
>password to remember!), I will probably change pagerev.php to use 
>the variable $DiffPasswordLevel, with the default being "read".  
>If someone wants to prevent the public from viewing diffs they can 
>change $DiffPasswordLevel to "edit", which means that only those who
>have edit privileges can see the page history.

The initial intention was: "do I or don't I protect access to page revisions". A normal person would a) leave it unset or b) copy the "read" password line in config.php.
Of course I leave the implementation to you - you're the master of disaster, so to speak. :-)

>BTW, in existing versions of PmWiki one can already password-protect
>the diff function using the 'edit' password--add the following to 
>config.php (assuming the page doesn't require a different read 
>password):
>
>   if ($action=='diff') {
>     $page = RetrieveAuthPage($pagename,'edit');
>     if (!$page) Abort("?cannot diff $pagename");
>   }

Thanks for the hint. This will at least preserve the modification to future versions. I'm always a bit shy of modificating the source itself - not because out of fear to destroy 
something, but rather out of fear I'd forget where exactly I did my zillion modifications. ;-)

-- 
Ben




More information about the pmwiki-users mailing list