[ewiki] create action, action-links flaw

• From: Andy Fundinger <andy@xxxxxxxxxxx>
• To: "'ewiki@xxxxxxxxxxxxx'" <ewiki@xxxxxxxxxxxxx>
• Date: Wed, 24 Mar 2004 13:56:49 -0500

I think there's a problem with the current implementation of the create
pseudo action.  If a call to ewiki_auth() originates as ewiki_auth($id,
&$data, $action="setflags"), the current code would pass this to the perm
plugin as $pf_perm($id, $data, 'create', $ring) thus allowing a setflags
action to be performed on a page that the user only has create rights to.

Instead I suggest that we not change the action at all inside of
ewiki_auth() but rather expect auth plugins to know about and check this
flag in $ewiki_config.

Andy

• Follow-Ups:
  • [ewiki] Re: create action, action-links flaw
    • From: Mario Salzer

Other related posts:

• » [ewiki] create action, action-links flaw
• » [ewiki] Re: create action, action-links flaw
• » [ewiki] Re: create action, action-links flaw

• » Related posts
• » Previous by Date
• » Next by Date
• » This Month's Archive
• » Main Archive Page

• » View list details
• » Manage your subscription