[Phpwiki-talk] Another PagePerm premission problem fixed

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I just checked another fix for a security problem with PagePerms:

If users were signed in, but not authenticated, mostly by cookies, the 
permission system wrongly granted access for these groups, if the 
not-authenticated user (just the username) was member of these groups:
   admin, owner, creator

Now we check for the authenticated status (correct or no password) if 
access is checked for these groups.

I also checked in the first working copy of WikiAdminSetAcl, but this 
will need some more helpers. For example to display if nothing was 
changed, maybe not to store default ACL's, to change subpages also, and 
the show if the selected pages have different settings.
-- 
Reini Urban
http://phpwiki.sf.net/