01213: PageVar() should respect authentications
Summary: PageVar() should respect authentications
Created: 2010-07-28 03:58
Status: Closed - fixed for 2.2.24
Category: CoreCandidate
From: Petko
Assigned:
Priority: 4
Version: all
OS:
Description: Discussion with Eemeli Aro on the mailing list:
http://www.pmichaud.com/pipermail/pmwiki-users/2010-July/057758.html
PageVar() should use RetrieveAuthPage() instead of ReadPage() to get the page. $PCache checks need to be reviewed.
Testing PageVars from Test.LockedPage. To see the PVs, log in (the password is quick) and to hide them, log out.
Title: "LockedPage"
Titlespaced: "Locked Page"
LastModifiedSummary: ""
LastModifiedBy: ""
LastModifiedHost: ""
LastModified: "November 12, 2024, at 04:29 PM"
LastModifiedTime: ""
Description: ""
PasswdRead: "****"
PasswdEdit: "****"
PasswdAttr: "@lock"
Those should always be visible:
PageUrl: "$ScriptUrl/Test/LockedPage"
FullName: "Test.LockedPage"
Namespaced: "Locked Page"
SiteGroup: "Site"
VersionNum: "2003038"
DefaultGroup: "PmWiki"
DefaultName: "HomePage"
Action: "browse"
BaseName: "Test.LockedPage"
Author: "" (YOU, not the author of LockedPage)
The local/PITS.01213.php file (or config.php) replaces $page with $authpage in the sensitive PageVariables with the following snippet:

  # Point the sensitive page variables at $authpage instead of $page.
  foreach($FmtPV as $k=>$v) {
    if(preg_match('/^\\$(Title(spaced)?|LastModified(By|Host|Summary|Time)?|Description)$/', $k))
      $FmtPV[$k] = str_replace('$page', '$authpage', $v);
  }
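
An added check, not part of the original PITS entry or of PmWiki itself: it applies the same rewrite as the snippet above to a constructed $FmtPV table and lists which variables still read $page afterwards. The sample definitions, the $Keywords recipe variable and the function names AuthRewriteFmtPV() and UnguardedPageVars() are assumptions made for illustration.

```php
<?php
// Added example, not PmWiki code. The definitions below are constructed
// samples written in the style of $FmtPV entries; '$Keywords' stands for a
// hypothetical variable added by a recipe or by local configuration.
$FmtPV = array(
  '$FullName'         => '"$group.$name"',
  '$Title'            => 'FmtPageTitle(@$page["title"], $name, 0)',
  '$Titlespaced'      => 'FmtPageTitle(@$page["title"], $name, 1)',
  '$LastModifiedBy'   => '@$page["author"]',
  '$LastModifiedTime' => '$page["time"]',
  '$Description'      => '@$page["description"]',
  '$Keywords'         => '@$page["keywords"]',   // hypothetical
);

// Same rewrite as the snippet on this page, returning a new table
// instead of modifying the global one (hypothetical helper name).
function AuthRewriteFmtPV($fmtpv) {
  $re = '/^\\$(Title(spaced)?|LastModified(By|Host|Summary|Time)?|Description)$/';
  foreach ($fmtpv as $k => $v)
    if (preg_match($re, $k)) $fmtpv[$k] = str_replace('$page', '$authpage', $v);
  return $fmtpv;
}

// Names whose definition still reads the $page array, i.e. the page data
// that this issue says is loaded without an authorization check.
// \b keeps $pagename from matching; '$authpage' does not contain '$page'.
function UnguardedPageVars($fmtpv) {
  $out = array();
  foreach ($fmtpv as $k => $v)
    if (preg_match('/\\$page\\b/', $v)) $out[] = $k;
  return $out;
}

$before = UnguardedPageVars($FmtPV);
$after  = UnguardedPageVars(AuthRewriteFmtPV($FmtPV));
echo "reading \$page before: ", implode(' ', $before), "\n";
echo "reading \$page after:  ", implode(' ', $after), "\n";
```

Any name left in the second list is outside the fixed set matched by the regular expression and still needs the same $page to $authpage change.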