Summary: latest update to 2.2.22 breaks password authentication
Created: 2011-01-25 09:18
Status: Closed - fixed for 2.2.24
OS: Solaris/Apache2/PHP 5.2.6
Description: In testing 2.2.21, things looked fine for me, then I accepted the 2.2.22, cleared caches and cookies in IE8 and FF3 and now all my wiki pages are wide open to the world for editing, no authentication necessary. Please fix this fast or put the 2.2.21 "latest" back on the download site.
Update: Ok...I have found I can revert to the previous method by using
If documentation exists about this new method, please point us to it. Thanks.
This should be an awesome bug. I released 2.2.23 defaulting
Unfortunately, I am unable to reproduce this bug. Could you detail what types of password protection are you using? (
Related entry: PITS:01213 (PageVar() should respect authentications)
No problem. I was just using:
in my config. After the upgrade and until I set
Thanks again for your report. Even if I couldn't reproduce the bug, the 2.2.22 version cached a wrong page metadata, and it is very likely that in some cases this can cause such problems and more. This should be fixed in 2.2.23, and from 2.2.24 on, we'll have a different way to do what we want, if an administrator enables it. --Petko February 06, 2011, at 03:58 AM