The original of this post was bounced by the mailing list software because it contained a keyword which the server uses in its automated processing--I mention this just in case the original shows up.
It seems that I've implicitly adopted the newpagetemplate plugin, having updated it a while back it to accept the new template events. I received a notice that it has a security risk, which I believe was put in place by Sandell.Hakan:
securitywarning: ACL is not checked before template page access. A user with enough rights in one part of the wiki might access any page in whole wiki.
ACL applies to the page into which the template is inserted, so that if a user tries to apply the template to a page for which the user has no permissions, then access is barred. But the template itself is not governed by ACL. I took a look at this and updated the plugin to apply ACL rules to the template pages which it opens. Perhaps Sandell could look at the updated version.
Thanks, Myron -- Myron Turner http://mturner.org/ http://mturner.org/fckgLite https://github.com/turnermm -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist
