On 4/22/2010 11:56 AM, V.Krishn wrote:
On Thursday 22 Apr 2010 3:27:53 pm Pierre Reinbold wrote:
Hello all,
This is my first message to the list and it concerns the possibility to
bypass the pmwiki access rights to edit a page in a cookbook. It seems
to be possible as cookbooks like Fox, Zap or WikiSH are able to do that.
I'm programming a new action handler. As far as I understand the thing,
to read a page, I can use RetrieveAuthPage to enforce the access rights
restrictions or ReadPage to bypass them.
UpdatePage (and PostPage) both require the old and new versions of the
page. The usual way to get the 'old' (current) version of the page is to
call RetrieveAuthPage. As the developer you can choose how to call
RetrieveAuthPage, thus essentially you can by-pass existing security by
calling RetrieveAuthPage with the lowest authentication parameter ('read').
~ ~ Dave
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
