Joel Sherrill <joel@...> schrieb:
> Reini Urban wrote:
>> Note, that 1.2.x is not in active development, and probably insecure,
>> but is 10x faster, 10x smaller and has 10x less features than the
>> current 1.3.x development branch. A new 1.3.11 release will arrive soon.
> I hate to ask this but will 1.3.11 address some of the weirdnesses
> with the authentication? That has been the only gripe I have
> really had with the rtems wiki (http://www.rtems.com/phpwiki).
I know about httpauth not being working (got better, just the admin_user
PersonalPages problems (not being able to reproduce).
Most problems so far are related to PASSWORD_LENGTH_MINIMUM = 0
(allowing empty passwords), or non-persistent sessions. (which has
nothing to do with auth)
I print now a warning for all methods if PASSWORD_LENGTH_MINIMUM is
Or using slow USER_AUTH_POLICY = old and having IMAP or other issues
then (as in previous vesions also).
> Someone mentioned some issues with internationalization. If you
> are interested in a description, I can get him to write them up.
> I think it starts with his name having a non-ASCI character in it.
I remember. That's another issue I introduced lately and have to fix.
The docs state that all i18n username wordchars are valid, and current
code disallows them. For security concerns with certain methods.
I'll re-enable them for some auth methods: class specific isValidName()
Bogo and PersonalPage are safe.