[dokuwiki] ssl for acl'ed pages

  • From: Robin Getz <robin.getz@xxxxxxxxxx>
  • To: dokuwiki <dokuwiki@xxxxxxxxxxxxx>
  • Date: Wed, 9 Mar 2011 10:47:44 -0500

On our wiki, we have a few ACL'ed pages which we would like to make a
little more secure (after all, what else is the point of making the pages
access controlled in the first place?)

This patch does a https redirect on those pages which are ACL controlled.
Other pages are left alone, so as to have lower load on the server.

This could be done as a server re-write rule, but then the re-writes need 
to be kept in sync with the wiki, and it becomes difficult on a hosted
service.

Could be done as a plugin if this gets rejected for some purpose, (based on
ACTION_ACT_PREPROCESS) - but then I wouldn't be able to catch the 'admin'
case (which I really don't think is a big deal)...

Comments appreciated.

diff --git a/inc/actions.php b/inc/actions.php
index 4383e45..a9470bc 100644
--- a/inc/actions.php
+++ b/inc/actions.php
@@ -54,6 +54,13 @@ function act_dispatch(){
         //check permissions
         $ACT = act_permcheck($ACT);

+       // SSL for ACL'ed pages, when logged in
+       if ($conf['useacl'] && $ACT != 'denied' && $_SERVER['REMOTE_USER'] && 
(auth_aclcheck($ID,'',null) == AUTH_NONE || $ACT == 'admin') && !is_ssl()) {
+               $url = "https://";. $_SERVER['SERVER_NAME'] . 
$_SERVER['REQUEST_URI'];
+               header("Location: $url");
+               exit;
+       }
+
         //register
         if($ACT == 'register' && $_POST['save'] && register()){
             $ACT = 'login';
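
Review bot: In the added `if` condition, requiring `$_SERVER['REMOTE_USER']` means the redirect only fires once the user is already logged in, so the request that triggers it (and the login that preceded it) has already carried the session cookie over plain HTTP; the redirect then protects the page body but not the session that grants access to it. Consider routing `$ACT == 'login'` through the same redirect, and note in the comment that the cookie stays exposed on the pages deliberately left on HTTP. On the `$url` line, the target is built from `$_SERVER['SERVER_NAME']` and `$_SERVER['REQUEST_URI']`, which drops any non-default port and, depending on server configuration, can reflect the client-supplied Host header; building it from the wiki's configured base URL would be more predictable. As shown here, `"https://";.` has a stray `;` that would not parse. A POST that reaches this branch has already sent its body in the clear and loses it on the redirect, so restricting the redirect to GET requests, or documenting the behaviour, is worth adding.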
-- 
DokuWiki mailing list - more info at
http://www.dokuwiki.org/mailinglist