As a general principle I think all actions should check the normal mechanism,perhaps this is the problem I am having with ?action=approvesites Simon
2008/9/3 Patrick R. Michaud <[EMAIL PROTECTED]> > On Tue, Sep 02, 2008 at 06:55:09PM +0200, Ansgar Bockstiegel wrote: > > I tried to limit access to the information given by the action=diag to > > authorized users by setting $HandleAuth['diag']='admin' in the way [1] > > suggests, but that did not work. Can anybody give me a hint why this > > fails? I'm using 2.2.0-beta68. > > Short answer: ?action=diag isn't a normal action -- it's handled > specially by the diagnostic script and doesn't make use of PmWiki's > authorization mechanisms. > > Longer answer: One of the principal uses for ?action=diag is to > troubleshoot the authorization system itself, and it's hard to > do that if ?action=diag relies on a working authorization system. > > Still, this question comes up frequently enough that I think > I may switch ?action=diag to use the normal mechanism, or to > explicitly check for $HandleAuth['diag'] being set and perform > an authorization check when that's the case. > > Thanks! > > Pm > > _______________________________________________ > pmwiki-users mailing list > [email protected] > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > -- http://kiwiwiki.co.nz
_______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
