Update of /cvsroot/phpwiki/phpwiki/lib/plugin
In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv9057
Modified Files:
_AuthInfo.php
Log Message:
use obj2hash exclude arg,
fix minor security flaw: enable _AuthInfo only if Admin or DEBUG && _DEBUG_LOGIN
not on any DEBUG value
Index: _AuthInfo.php
===================================================================
RCS file: /cvsroot/phpwiki/phpwiki/lib/plugin/_AuthInfo.php,v
retrieving revision 1.18
retrieving revision 1.19
diff -u -2 -b -p -d -r1.18 -r1.19
--- _AuthInfo.php 27 Mar 2005 19:46:12 -0000 1.18
+++ _AuthInfo.php 1 Apr 2005 14:04:31 -0000 1.19
@@ -58,5 +58,5 @@ extends WikiPlugin
$user = WikiUser($userid);
}
- if (!$user->isAdmin() and !DEBUG) {
+ if (!$user->isAdmin() and ! (DEBUG && _DEBUG_LOGIN)) {
$request->_notAuthorized(WIKIAUTH_ADMIN);
$this->disabled("! user->isAdmin");
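Review bot: The new guard `! (DEBUG && _DEBUG_LOGIN)` uses logical `&&`, so if `_DEBUG_LOGIN` is a non-zero bit-flag constant (its definition is not in this hunk), the expression is true for every non-zero DEBUG and the check behaves like the old `!DEBUG`. To test only the login-debug flag, the line should mask it: `if (!$user->isAdmin() and !(DEBUG & _DEBUG_LOGIN)) {`. Even with the mask, a non-admin visitor gets the auth dump whenever login debugging is on, so a comment such as `// _DEBUG_LOGIN bypasses the admin check; never enable on a public site` belongs above the condition. The enclosing method starts and ends outside the hunk.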
@@ -106,13 +106,10 @@ extends WikiPlugin
'cellspacing' => 0));
//$table->pushContent(HTML::tr(HTML::td(array('colspan' => 2))));
- $userdata = obj2hash($user);
- // FIXME: only on sf.net/demo site
- if (!empty($userdata['_dbi'])) unset($userdata['_dbi']);
- if (!empty($userdata['_request'])) unset($userdata['_request']);
+ $userdata = obj2hash($user, array('_dbi','_request', 'password',
'passwd'));
$table->pushContent($this->_showhash("User: Object of
".get_class($user), $userdata));
if (ENABLE_USER_NEW) {
$group = &$request->getGroup();
$groups = $group->getAllGroupsIn();
- $groupdata = obj2hash($group);
+ $groupdata = obj2hash($group, array('_dbi','_request',
'password', 'passwd'));
unset($groupdata['request']);
$table->pushContent($this->_showhash("Group: Object of
".get_class($group), $groupdata));
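Review bot: The exclude list passed to both obj2hash() calls is a name denylist written out twice, so a credential stored under any other property name would still be rendered in the table. The same applies to a credential inside a nested object if obj2hash() does not apply the list recursively, which is not visible here. Define the list once, e.g. `$exclude = array('_dbi', '_request', 'password', 'passwd');`, and pass `$exclude` at both calls so the two lists cannot drift apart. The remaining `unset($groupdata['request']);` could then be folded in by adding `'request'` to that list. The enclosing method continues outside the hunk.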
@@ -202,4 +199,9 @@ extends WikiPlugin
// $Log$
+// Revision 1.19 2005/04/01 14:04:31 rurban
+// use obj2hash exclude arg,
+// fix minor security flaw: enable _AuthInfo only if Admin or DEBUG &&
_DEBUG_LOGIN
+// not on any DEBUG value
+//
// Revision 1.18 2005/03/27 19:46:12 rurban
// security fixes (unknown why and where these get defined)