[EMAIL PROTECTED] wrote: > Guillermo Calderon - INCO wrote: > >>H. Fox wrote: >> >>>I would like to enable the diagnostic actions, but only for >>>edit-authorized visitors to the site. I tried >>> >>> ## Enable remote diagnostics (?action=diag and ?action=phpinfo). >>> $EnableDiag = 1; >>> $HandleAuth['diag'] = 'edit'; >>> $HandleAuth['phpinfo'] = 'edit'; >>> >>>in a configuration file, but the diagnostic actions are still >>>available to a plain old read-authorized visitor. How can I achieve >>>the desired effect? >>> >> >>I think the problem is in the file scripts/diag.php >> >>This file contains the following piece of code: >> >> if ($action=='diag') { >> @session_start(); >> header('Content-type: text/plain'); >> print_r($GLOBALS); >> exit(); >> } >> >>There are no test for permissions there. >> >>You have to modify this file in order to fix this problem. >> > > Not true! You almost never have to modify PmWiki's code to achieve this sort > of thing. >
Ok, I agree with this rule. I meant that perhaps the implementation of the action 'diag' should be rewriten (by PM) in order to have account of HandleAuth['diag']. _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users