On Sat, Mar 01, 2008 at 09:53:56PM +0100, Christophe David wrote: > Could someone please try if the following line works as expected ? > > $HandleAuth['crypt'] = 'edit'; > > Even with this line in config.php, users seem to be able to use > action=crypt even when they have no "edit" rights.
The ?action=crypt is handled somewhat specially, in that it doesn't bother to check permissions on any page before being able to run it. There didn't seem to be much point in limiting authorization for it, as it's not really information that needs protecting (afaict). That said, if we really feel that it needs authorization controls, I can add it easily enough. Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
