00693: issue with $HandleAuth['xxxx'] ='admin'

Summary: issue with $HandleAuth['xxxx'] ='admin'
Created: 2006-03-07 19:04
Status: Suspended
Category: Bug
From: Isidor
Assigned:
Priority: 5
Version: 2.1
OS: NA

Description: Hi

On V2.0 I'm using the syntax

$HandleAuth['source'] ='edit';    
$HandleAuth['crypt'] ='admin';
$EnableDiag = 1; 
$HandleAuth['ruleset'] ='admin';
$HandleAuth['phpinfo'] ='admin';
$HandleAuth['diag'] ='admin';

with no issue

On V2.1b36 the action source requires the edit password to be used, but all the actions referring to admin are working without asking for any password

This link will show the issue http://pmwiki.org/wiki/Profiles/HomePage?action=diag

Isidor


I need to know the exact version of PmWiki being used; "2.1" doesn't give enough information.

Also, are you sure that the others aren't working? Keep in mind that PmWiki keeps track of any passwords entered during the current session, so once an admin password is entered you won't be prompted again for any passwords until logging out or closing all of the browser windows.

--Pm

The version is 2.1 b36, the same as the one on this site; it works without any password entered.
I've setup this site for testing http://pmtst21.gadz.org/ Isidor


Oh, I didn't notice the specific actions that were giving you problems. Sorry about that.

?action=crypt, ruleset, diag, etc. aren't "normal" actions in the sense that they don't use the $HandleAuth array, because they aren't really associated with any particular page. In the case of ?action=diag and ?action=phpinfo, PmWiki executes them "immediately" because they're primarily done for diagnostic purposes and we don't want the possible issue of not being able to access them because of problems in page permissions.

I can probably fix ?action=crypt pretty easily, the others I'll have to think about for after 2.1.0 comes out.

--Pm


I've done a quick and dirty hack; it will only work if the user is defined in the $DefaultPasswords['type'], but that's sufficient for the time being :-)

if (($action=='diag')&&(strpos($DefaultPasswords[$HandleAuth['diag']],$GLOBALS['authid'])!==FALSE)) {

if ($action=='phpinfo' && (strpos($DefaultPasswords[$HandleAuth['phpinfo']],$GLOBALS['authid'])!==FALSE) ) { phpinfo(); exit(); }

And will wait for the official fix :-) isidor

Hi Pm, do you have some time to work on a solution? Isidor


Hi Pm, could this PITS be reopened for PmWiki 2.2?
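
Added example, not code from this thread or from PmWiki: a self-contained PHP model of the check discussed above, gating the early diagnostic actions on the level named in $HandleAuth and matching the authenticated id exactly rather than by substring. The helper names (idHasLevel, mayRunAction), the sample ids and the "id:a,b" list format are assumptions made for illustration.

```php
<?php
// Added example: a simplified model, not PmWiki source code.
// Constructed sample data; the "id:a,b" list format is an assumption here.
$DefaultPasswords = ['admin' => 'id:alice,bob', 'edit' => 'id:carol'];
$HandleAuth = ['source' => 'edit', 'diag' => 'admin', 'phpinfo' => 'admin'];

// Hypothetical helper: exact-match test of $authId against an "id:" list.
// An empty id is rejected first, because strpos() with an empty needle
// returns 0 on PHP 8 and would pass a "!== false" check.
function idHasLevel(array $passwords, string $level, ?string $authId): bool {
    if ($authId === null || $authId === '') return false;
    $spec = $passwords[$level] ?? '';
    if (strncmp($spec, 'id:', 3) !== 0) return false;
    $ids = array_map('trim', explode(',', substr($spec, 3)));
    return in_array($authId, $ids, true);
}

// Hypothetical gate, meant to run before any early diagnostic handler.
// Returns true when $action may proceed for $authId.
function mayRunAction(string $action, ?string $authId,
                      array $handleAuth, array $passwords): bool {
    if (!isset($handleAuth[$action])) return false;   // unlisted action: deny
    return idHasLevel($passwords, $handleAuth[$action], $authId);
}

// Constructed cases: [action, authenticated id or null]
$cases = [
    ['diag', null],       // anonymous visitor
    ['diag', 'bo'],       // substring of "bob", not a listed id
    ['diag', 'bob'],      // listed under admin
    ['phpinfo', 'carol'], // has edit, not admin
    ['source', 'carol'],  // edit level is what source requires
];
foreach ($cases as [$action, $id]) {
    $ok = mayRunAction($action, $id, $HandleAuth, $DefaultPasswords);
    printf("%-8s %-6s %s\n", $action, $id ?? '(none)', $ok ? 'allow' : 'deny');
}
```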