[pmwiki-users] HandleAuth for action diag

Simon nzskiwi at gmail.com
Wed Sep 3 04:37:37 CDT 2008

As a general principle I think all actions should check the normal
mechanism,perhaps this is the problem I am having with ?action=approvesites

2008/9/3 Patrick R. Michaud <pmichaud at pobox.com>

> On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote:
> > I tried to limit access to the information given by the action=diag to
> > authorized users by setting $HandleAuth['diag']='admin' in the way [1]
> > suggests, but that did not work. Can anybody give me a hint why this
> > fails? I'm using 2.2.0-beta68.
> Short answer:  ?action=diag isn't a normal action -- it's handled
> specially by the diagnostic script and doesn't make use of PmWiki's
> authorization mechanisms.
> Longer answer:  One of the principal uses for ?action=diag is to
> troubleshoot the authorization system itself, and it's hard to
> do that if ?action=diag relies on a working authorization system.
> Still, this question comes up frequently enough that I think
> I may switch ?action=diag to use the normal mechanism, or to
> explicitly check for $HandleAuth['diag'] being set and perform
> an authorization check when that's the case.
> Thanks!
> Pm
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20080903/cad9cf0f/attachment-0001.html 

More information about the pmwiki-users mailing list