H. Fox wrote: > I would like to enable the diagnostic actions, but only for > edit-authorized visitors to the site. I tried > > ## Enable remote diagnostics (?action=diag and ?action=phpinfo). > $EnableDiag = 1; > $HandleAuth['diag'] = 'edit'; > $HandleAuth['phpinfo'] = 'edit'; > > in a configuration file, but the diagnostic actions are still > available to a plain old read-authorized visitor. How can I achieve > the desired effect? >
I think the problem is in the file scripts/diag.php This file contains the following piece of code: if ($action=='diag') { @session_start(); header('Content-type: text/plain'); print_r($GLOBALS); exit(); } There are no test for permissions there. You have to modify this file in order to fix this problem. _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users