H. Fox wrote:
> I would like to enable the diagnostic actions, but only for
> edit-authorized visitors to the site.  I tried
> 
>    ## Enable remote diagnostics (?action=diag and ?action=phpinfo).
>    $EnableDiag = 1;
>    $HandleAuth['diag'] = 'edit';
>    $HandleAuth['phpinfo'] = 'edit';
> 
> in a configuration file, but the diagnostic actions are still
> available to a plain old read-authorized visitor.  How can I achieve
> the desired effect?
> 

I think the problem is in the file scripts/diag.php.

This file contains the following piece of code:

   if ($action=='diag') {
     @session_start();
     header('Content-type: text/plain');
     print_r($GLOBALS);
     exit();
   }

There is no test for permissions there.

You have to modify this file in order to fix this problem.


_______________________________________________
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
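
Added example (not part of the original message and not PmWiki's own code): one way to make the modification described above is to replace the inline check in scripts/diag.php with action handlers, so the dump runs only after RetrieveAuthPage() has checked the level set in $HandleAuth. The handler names, the helper DiagRequireAuth and the 'admin' default are assumptions; the code relies on PmWiki's dispatcher calling the function registered in $HandleActions with the page name and the $HandleAuth level.

```php
<?php if (!defined('PmWiki')) exit();
# Added example: hypothetical replacement for the inline ?action=diag
# block in scripts/diag.php. Function names here are assumptions.

# Keep any level already set in a configuration file, e.g.
#   $HandleAuth['diag'] = 'edit';
# and fall back to 'admin' otherwise (an assumed, conservative default).
SDV($HandleAuth['diag'], 'admin');
SDV($HandleAuth['phpinfo'], 'admin');
SDV($HandleActions['diag'], 'HandleDiagAuth');
SDV($HandleActions['phpinfo'], 'HandlePhpinfoAuth');

# Shared gate: prompts for a password when needed and stops the
# request if the visitor does not hold the required level.
function DiagRequireAuth($pagename, $auth) {
  $page = RetrieveAuthPage($pagename, $auth, true);
  if (!$page) Abort("diagnostic actions require '$auth' authorization");
}

# ?action=diag: same output as the original block, after the check.
function HandleDiagAuth($pagename, $auth = 'admin') {
  DiagRequireAuth($pagename, $auth);
  @session_start();
  header('Content-type: text/plain');
  print_r($GLOBALS);   # includes configuration values such as password hashes
  exit();
}

# ?action=phpinfo: gated the same way.
function HandlePhpinfoAuth($pagename, $auth = 'admin') {
  DiagRequireAuth($pagename, $auth);
  phpinfo();
  exit();
}
```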
