Recent Changes - Search:
PITS /

01213: PageVar() should respect authentications

Summary: PageVar() should respect authentications
Created: 2010-07-28 03:58
Status: Closed - fixed for 2.2.24
Category: CoreCandidate
From: Petko
Assigned:
Priority: 4
Version: all
OS:

Description: Discussion with Eemeli Aro on the mailing list:

http://www.pmichaud.com/pipermail/pmwiki-users/2010-July/057758.html

PageVar() should use RetrieveAuthPage() instead of ReadPage() to get the page. $PCache checks need to be reviewed.

Testing PageVars from Test.LockedPage. To see the PVs, login (the password is quick) and to hide them, logout. 

 Title: "LockedPage"
 Titlespaced: "Locked Page"
 LastModifiedSummary: ""
 LastModifiedBy: ""
 LastModifiedHost: ""
 LastModified: "April 29, 2026, at 12:31 PM"
 LastModifiedTime: ""
 Description: ""
 PasswdRead: "****"
 PasswdEdit: "****"
 PasswdAttr: "@lock"

Those should always be visible: 

 PageUrl: "$ScriptUrl/Test/LockedPage"
 FullName: "Test.LockedPage"
 Namespaced: "Locked Page"
 SiteGroup: "Site"
 VersionNum: "2.5.9"
 DefaultGroup: "PmWiki"
 DefaultName: "HomePage"
 Action: "browse"
 BaseName: "Test.LockedPage"
 Author: "" (YOU, not the author of LockedPage)

The local/PITS.01213.php file (or config.php) replaces $page with $authpage in the sensitive PageVariables with the following snippet: 

foreach($FmtPV as $k=>$v) {
  if(preg_match('/^\\$(Title(spaced)?|LastModified(By|Host|Summary|Time)?|Description)$/', $k))
    $FmtPV[$k] = str_replace('$page', '$authpage', $v);
}

Array
(
    [post_max_size] => 64M
    [$_POST keys] => 
    [$_REQUEST keys] => n
    [$_SERVER] => Array
        (
            [CONTEXT_DOCUMENT_ROOT] => /home/pmwiki/public_html
            [CONTEXT_PREFIX] => 
            [DOCUMENT_ROOT] => /home/pmwiki/public_html
            [GATEWAY_INTERFACE] => CGI/1.1
            [HTTPS] => on
            [HTTP_ACCEPT] => */*
            [HTTP_ACCEPT_ENCODING] => gzip, br, zstd, deflate
            [HTTP_HOST] => www.pmwiki.org
            [HTTP_REFERER] => https://www.pmwiki.org/PITS/01213
            [HTTP_USER_AGENT] => Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
            [HTTP_X_HTTPS] => 1
            [PATH] => /bin:/usr/bin
            [PHP_INI_SCAN_DIR] => /opt/cpanel/ea-php70/root/etc:/opt/cpanel/ea-php70/root/etc/php.d:.
            [QUERY_STRING] => n=PITS%2f01213
            [REDIRECT_HTTPS] => on
            [REDIRECT_QUERY_STRING] => n=PITS%2f01213
            [REDIRECT_SCRIPT_URI] => https://www.pmwiki.org/wiki/PITS/01213
            [REDIRECT_SCRIPT_URL] => /wiki/PITS/01213
            [REDIRECT_SSL_TLS_SNI] => www.pmwiki.org
            [REDIRECT_STATUS] => 200
            [REDIRECT_UNIQUE_ID] => afH6JYPWzWUYf5P5LjOzTAAAAM0
            [REDIRECT_URL] => /wiki/PITS/01213
            [REMOTE_ADDR] => 216.73.216.31
            [REMOTE_PORT] => 64325
            [REQUEST_METHOD] => GET
            [REQUEST_SCHEME] => https
            [REQUEST_URI] => /wiki/PITS/01213
            [SCRIPT_FILENAME] => /home/pmwiki/public_html/index.php
            [SCRIPT_NAME] => /index.php
            [SCRIPT_URI] => https://www.pmwiki.org/wiki/PITS/01213
            [SCRIPT_URL] => /wiki/PITS/01213
            [SERVER_ADDR] => 23.254.203.248
            [SERVER_ADMIN] => webmaster@pmwiki.org
            [SERVER_NAME] => www.pmwiki.org
            [SERVER_PORT] => 443
            [SERVER_PROTOCOL] => HTTP/1.1
            [SERVER_SIGNATURE] => 
            [SERVER_SOFTWARE] => Apache
            [SSL_TLS_SNI] => www.pmwiki.org
            [TZ] => America/Los_Angeles
            [UNIQUE_ID] => afH6JYPWzWUYf5P5LjOzTAAAAM0
            [PHP_SELF] => /index.php
            [REQUEST_TIME_FLOAT] => 1777465893.136
            [REQUEST_TIME] => 1777465893
            [argv] => Array
                (
                    [0] => n=PITS%2f01213
                )

            [argc] => 1
        )

)