[dokuwiki] Re: Security without .htaccess

  • From: Andreas Gohr <andi@xxxxxxxxxxxxxx>
  • To: dokuwiki@xxxxxxxxxxxxx
  • Date: Thu, 12 May 2005 23:45:32 +0200

Hi

> I will add an additional comment line as first line
> to fix this.

Thanks for the patch! Just added it (and small correction) to the darcs repo.

We should think if this can be improved.

Is a die() call the correct way if the new file isn't writable? I think it 
should be fatal only if ACL is enabled. Or should it never be fatal?

Is the init.php file the right place to handle it? Or should this be moved to 
another file? Maybe auth.php?

Is there a simple way to avoid this function being called on every page? After 
all it just needs to be called once for each file ever. I guess not but we 
should think about it.

> In the mean time I had to recover from a darcs bug (second
> time that it does that to me) - I installed the 1.0.3rc1
> version and I have now a working patch ready.

I'm running 1.0.2 (Debian package) so far without problems... lets hope it 
stays this way ;-)

Regards
Andi

PS: please delete unnecessary quotes on reply to make mails better readable.

Other related posts: