>> $HandleAuth['crypt'] = 'edit'; >> Even with this line in config.php, users seem to be able to use >> action=crypt even when they have no "edit" rights.
> The ?action=crypt is handled somewhat specially, in that it > doesn't bother to check permissions on any page before being > able to run it. There didn't seem to be much point in > limiting authorization for it, as it's not really information > that needs protecting (afaict). > > That said, if we really feel that it needs authorization > controls, I can add it easily enough. Thank you for the fast reply. There is no real need for it, but it would be more consistent and would probably prevent some avoidable head scratching ;-) Christophe _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
