[dokuwiki] Re: signing requests
- From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
- To: dokuwiki@xxxxxxxxxxxxx
- Date: Tue, 7 Apr 2009 20:32:40 +0200
> yes, you are quite right. Andy can you patch inc/auth.php:
>
> - $evt = new Doku_Event('AUTH_LOGIN_CHECK',$ACT);
> + $evt = new Doku_Event('AUTH_LOGIN_CHECK',$evdata);
fixed.
> Andy: What were your intentions passing a modifiable username&password
> along with the event, anyway?
>
> I don't see a good use-case for rewriting username&password from within
> an event hook. It will only inspire coders to /inject/ passwords via
> "AUTH_LOGIN_CHECK". Yet passwords should be handled via an
> inc/auth/*class.php
Well, I didn't have any particular use case in mind, but usually all
other BEFORE events get passed the data on which a decision to
interrupt the default action is made as event data, so I found it
logical to pass this data there.
So yes, it probably shouldn't be used, but makes the event interface a
bit cleaner I'd think. Or am I missing something?
Andi
--
splitbrain.org
--
DokuWiki mailing list - more info at
http://wiki.splitbrain.org/wiki:mailinglist
Other related posts:
