diff options
author | https://social.mayfirst.org/mjray <mjray@web> | 2018-02-05 06:51:48 -0400 |
---|---|---|
committer | admin <admin@branchable.com> | 2018-02-05 06:51:48 -0400 |
commit | 36bb1f6dc74bcd8d81e0f0471897d109e0bd5282 (patch) | |
tree | 4ce02f055152cd8b24d0e22c47a8b9d290a202e6 /doc/todo | |
parent | c4042853b3bb8ef68654fd38adfa50a4b7220f4b (diff) | |
download | ikiwiki-36bb1f6dc74bcd8d81e0f0471897d109e0bd5282.tar ikiwiki-36bb1f6dc74bcd8d81e0f0471897d109e0bd5282.tar.gz |
Try to explain editor loophole to viewing restrictions
Diffstat (limited to 'doc/todo')
-rw-r--r-- | doc/todo/Restrict_page_viewing.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/todo/Restrict_page_viewing.mdwn b/doc/todo/Restrict_page_viewing.mdwn index 20b59cb13..d40cee6d1 100644 --- a/doc/todo/Restrict_page_viewing.mdwn +++ b/doc/todo/Restrict_page_viewing.mdwn @@ -40,3 +40,7 @@ much more maintainable htaccess file. >>>>> If you use the httpauth and the cgiauthurl method, you can restrict a path >>>>> like /private/* to be accessible only under the authenticated request uri. + +>>>>>> Note that if editing is enabled, then you should set the restriction in locked_pages too +>>>>>> or they may be able to view pages by editing the page= value in the editor's +>>>>>> query string. --[mjr](http://mjr.towers.org.uk/) |