It might have been better to have posted something like this offlist... Fortunately, while this gave me a good scare, I just checked into it and found it does not work. The authentication is done using the session variable not the page variable. It could be used to override the displayed value for AuthId which could perhaps cause problems on pages with conditionals based on AuthId however.
However this is regardless of whether it becomes sitewide or just on pages with (:zapget:). So thanks for pointing this out. The following code seems to block this from happening: if (!isset($FmtPV["$$g"])) ... Do you feel more comfortable with this? Not only is it useful sitewide (with or without ZAP), and automatic, it's more secure than zapget currently and involves less code! Cheers, Dan _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
