[pmwiki-users] security documentation for recipes
Hans
design5 at softflow.co.uk
Tue Mar 4 03:39:22 CST 2008
Tuesday, March 4, 2008, 7:35:27 AM, Peter & Melodye Bowers wrote:
> My understanding has been that as long as I go through the
> RetrieveAuthPage() and UpdatePage() functions for ALL page-reading &
> page-writing operations that they will enforce pmwiki authorizations &
> security on my behalf. Is that accurate? Or do I need to check certain
> authorizations explicitly?
You need to ensure that when using RetrieveAuthPage an appropriate
access level is provided as the second parameter.
If you use a custom action, say action=shell, you can pass an
authorisation level to the Handle function with for instance:
$HandleAuth['shell'] = 'admin';
$HandleActions['shell'] = HandleWikiShell';
function HandleWikiShell($pagename, $auth) {
......
$page = RetrieveAuthPage($somepage, $auth, true, READPAGE_CURRENT);
.....
}
~Hans
More information about the pmwiki-users
mailing list