[pmwiki-users] Alternate authorization levels for $EnableDiag

Guillermo Calderon - INCO calderon at fing.edu.uy
Fri Jun 29 09:55:52 CDT 2007


sti at pooq.com wrote:
> Guillermo Calderon - INCO wrote:
> 
>>H. Fox wrote:
>>
>>>I would like to enable the diagnostic actions, but only for
>>>edit-authorized visitors to the site.  I tried
>>>
>>>   ## Enable remote diagnostics (?action=diag and ?action=phpinfo).
>>>   $EnableDiag = 1;
>>>   $HandleAuth['diag'] = 'edit';
>>>   $HandleAuth['phpinfo'] = 'edit';
>>>
>>>in a configuration file, but the diagnostic actions are still
>>>available to a plain old read-authorized visitor.  How can I achieve
>>>the desired effect?
>>>
>>
>>I think the problem is in the file scripts/diag.php
>>
>>This file contains the following piece of code:
>>
>>   if ($action=='diag') {
>>     @session_start();
>>     header('Content-type: text/plain');
>>     print_r($GLOBALS);
>>     exit();
>>   }
>>
>>There is no test for permissions there.
>>
>>You have to modify this file in order to fix this problem.
>>
> 
> Not true! You almost never have to modify PmWiki's code to achieve this sort
> of thing. 
> 

Ok, I agree with this rule.
I meant that perhaps the implementation of the action 'diag' should 
be rewritten (by PM) in order to take account of HandleAuth['diag'].
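
An added example, not part of the original message and not PmWiki's own code: one way to get the effect H. Fox asked for without editing scripts/diag.php is to leave $EnableDiag off and register replacement handlers, because PmWiki's action dispatcher passes $HandleAuth[$action] to handlers listed in $HandleActions. The names HandleDiagAuth, HandlePhpinfoAuth and DiagRequireAuth are assumptions chosen for this example.

```php
<?php if (!defined('PmWiki')) exit();
# local/config.php fragment (added example, not PmWiki's own code).

# Leave the stock switch off so scripts/diag.php is never loaded and
# cannot answer ?action=diag before any authorization check runs.
$EnableDiag = 0;

# Route both actions through the normal dispatcher, which hands
# $HandleAuth[$action] to the handler as its second argument.
$HandleActions['diag']    = 'HandleDiagAuth';     # hypothetical name
$HandleActions['phpinfo'] = 'HandlePhpinfoAuth';  # hypothetical name
$HandleAuth['diag']    = 'edit';
$HandleAuth['phpinfo'] = 'edit';

# Returns only when the visitor holds $auth on $pagename. With the third
# argument true, PmWiki shows its password prompt to anyone who does not.
function DiagRequireAuth($pagename, $auth) {      # hypothetical helper
  $page = RetrieveAuthPage($pagename, $auth, true);
  if (!$page) Abort('?diagnostics are restricted');
}

# Same output as the stock 'diag' action, but only after the check.
function HandleDiagAuth($pagename, $auth = 'edit') {
  DiagRequireAuth($pagename, $auth);
  @session_start();
  header('Content-type: text/plain');
  print_r($GLOBALS);
  exit();
}

# Same output as the stock 'phpinfo' action, but only after the check.
function HandlePhpinfoAuth($pagename, $auth = 'edit') {
  DiagRequireAuth($pagename, $auth);
  phpinfo();
  exit();
}
```

Because the dump of $GLOBALS includes the whole site configuration, the authorization level set in $HandleAuth here decides who can read it.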



