Current State: Closed
Released In: 2.0.0
Target Release: major
feature is not implemented beyond the settings in Foswiki.spec.
Comment.pm needs to test that unless GuestCanComment
is set, then the user must be authenticated. If not authenticated, then redirect the request from
so that the user is prompted for a login.
Not sure what this does with ajax operation, and should it redirect, or just fail when running as ajax?
- 16 Jan 2012
I'm doubting the
configure checker's error message when
is not in
This could permit commenting by unauthorized users
I began to re-word the message along the lines of 'If
and WikiGuest has CHANGE permission, unauthenticated
users may be able to comment' but then this is true anyway when
itself isn't listed
Anyway, it's not unauthorized users that's a problem, but unauthenticated ones.
- 22 Feb 2012