[pmwiki-users] &action=source
Simon
nzskiwi at gmail.com
Sun Jun 28 20:57:54 CDT 2015
You may like to review
http://www.pmwiki.org/wiki/PmWiki/Security
and specifically see
http://www.pmwiki.org/wiki/PmWiki/PasswordsAdmin#protectingactions
Simon
On 29 June 2015 at 09:27, JamesM <j.montaldi at gmail.com> wrote:
> Thanks Petko. That works perfectly.
> James
>
>
> On 28 June 2015 at 22:22, Petko Yotov <5ko at 5ko.fr> wrote:
>
>> Add to config.php:
>>
>> $HandleAuth['source'] = 'edit';
>>
>> This way, only people with 'edit' permissions will be able to see the
>> source (the edit password will be requested, or a username/password will be
>> required).
>>
>> Petko
>>
>>
>> On 2015-06-28 22:53, JamesM wrote:
>>
>>> I've been using pmwiki for a few years, and have only just discovered the
>>> &action=source thing.
>>> Unfortunately, this shows the entire source, including things written
>>> after
>>> (:if false:), which I use for hiding information (it's on a lecture
>>> course
>>> website, and I have some stuff hidden from student view).
>>>
>>> So, how can I disable &action=source?
>>> Or better, password protect it.
>>>
>>> I tried putting
>>> $DefaultPasswords['source']=' .... ';
>>> into config.php. This works for ['admin'] and ['edit'] but seems to make
>>> no difference for ['source'].
>>>
>>
>>
>> _______________________________________________
>> pmwiki-users mailing list
>> pmwiki-users at pmichaud.com
>> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>>
>
>
> _______________________________________________
> pmwiki-users mailing list
> pmwiki-users at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-users
>
>
--
____
http://kiwiwiki.co.nz
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-users/attachments/20150629/939a56e6/attachment.html>
More information about the pmwiki-users
mailing list