[pmwiki-users] Alternate authorization levels for $EnableDiag
Guillermo Calderon - INCO
calderon at fing.edu.uy
Fri Jun 29 09:55:52 CDT 2007
sti at pooq.com wrote:
> Guillermo Calderon - INCO wrote:
>
>>H. Fox wrote:
>>
>>>I would like to enable the diagnostic actions, but only for
>>>edit-authorized visitors to the site. I tried
>>>
>>> ## Enable remote diagnostics (?action=diag and ?action=phpinfo).
>>> $EnableDiag = 1;
>>> $HandleAuth['diag'] = 'edit';
>>> $HandleAuth['phpinfo'] = 'edit';
>>>
>>>in a configuration file, but the diagnostic actions are still
>>>available to a plain old read-authorized visitor. How can I achieve
>>>the desired effect?
>>>
>>
>>I think the problem is in the file scripts/diag.php
>>
>>This file contains the following piece of code:
>>
>> if ($action=='diag') {
>> @session_start();
>> header('Content-type: text/plain');
>> print_r($GLOBALS);
>> exit();
>> }
>>
>>There is no test for permissions there.
>>
>>You have to modify this file in order to fix this problem.
>>
>
> Not true! You almost never have to modify PmWiki's code to achieve this sort
> of thing.
>
Ok, I agree with this rule.
I meant that perhaps the implementation of the action 'diag' should
be rewritten (by PM) in order to take account of HandleAuth['diag'].
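
Added example, not part of the original thread and not PmWiki's own code: one way to get the effect asked for above from local/config.php, without editing scripts/diag.php, is to leave $EnableDiag off and turn it on only after a silent edit-authorization check. It assumes the installed PmWiki version provides ResolvePageName() and CondAuth(), and that the fragment is placed after all passwords and authentication scripts in the config file.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php fragment (added example).
# Place it after $DefaultPasswords and any auth scripts (e.g. AuthUser)
# have been set up, so the check sees the final authorization settings.

# Diagnostics stay off unless the check below passes. scripts/diag.php is
# only loaded when $EnableDiag is true, so a read-only visitor never
# reaches the unguarded print_r($GLOBALS) / phpinfo() handlers.
$EnableDiag = 0;

# Only pay for the authorization lookup when a diagnostic action is requested.
if ($action == 'diag' || $action == 'phpinfo') {
  # Assumption: ResolvePageName() and CondAuth() exist in this PmWiki version.
  $pagename = ResolvePageName($pagename);

  # CondAuth() tests the level without prompting for a password, so an
  # unauthorized request for ?action=diag simply finds diagnostics disabled.
  if (CondAuth($pagename, 'edit')) $EnableDiag = 1;
}
```

Setting $HandleAuth['diag'] has no effect with the diag.php code quoted above, because that code runs and exits before any $HandleAuth lookup could apply.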