[pmwiki-users] HandleAuth for action diag
Patrick R. Michaud
pmichaud at pobox.com
Tue Sep 2 15:36:11 CDT 2008
On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:
> I tried to limit access to the information given by the action=diag to
> authorized users by setting $HandleAuth['diag']='admin' in the way 
> suggests, but that did not work. Can anybody give me a hint why this
> fails? I'm using 2.2.0-beta68.
Short answer: ?action=diag isn't a normal action -- it's handled
specially by the diagnostic script and doesn't make use of PmWiki's
Longer answer: One of the principal uses for ?action=diag is to
troubleshoot the authorization system itself, and it's hard to
do that if ?action=diag relies on a working authorization system.
Still, this question comes up frequently enough that I think
I may switch ?action=diag to use the normal mechanism, or to
explicitly check for $HandleAuth['diag'] being set and perform
an authorization check when that's the case.
More information about the pmwiki-users