[pmwiki-users] Security/information leak in PmWIki
Patrick R. Michaud
pmichaud at pobox.com
Sun Feb 20 16:55:29 CST 2005
On Sun, Feb 20, 2005 at 05:25:43PM -0500, Neil Herber wrote:
> At 2005-02-20 04:21 PM -0600, Patrick R. Michaud is rumored to have said:
> >However, I wouldn't have much problem with adding a $EnablePageListAuth
> >switch that uses RetrieveAuthPage instead of ReadPage for searches
> >and page listings. Let me know if anyone is interested.
>
> I would be much more interested in the group markup that was alluded to in
> a previous email, something like (:nosearch:).
Probably would be called (:cloak:) or something like that. To hide
a group, where would one put this -- in the GroupHeader/GroupFooter
pages? (Note that this can get quite messy, since an administrator is
always free to change the names of GroupHeader/GroupFooter.)
> For my purposes, being able to exclude a group from searching and page
> listing unless the request came from inside the group would be adequate.
I'll have to think on this one a bit more. Probably worth adding
to PITS for now so it doesn't get forgotten.
Pm
More information about the pmwiki-users
mailing list