Hi Rowan,
first of all thanks for analyzing my code :-)
> Unfortunately, I've found 2 major problems with this:
This is bad :-/ But you should know that I'm not expecting this piece of code to work without any side effects, since user management is far more complicated than a few lines :-) I don't think that I will have any user I don't know personally in my wiki, so my solution doesn't have to be perfectly secure. But it would be nice, of course :-)
> Firstly, it allows any user to lock themselves
That's one thing I can tolerate.
> Secondly, the content can be viewed by using the "preview" function:
But this I'd like to fix!
I guess it would be best to include some check after the page has been parsed, but before it gets displayed. If there is a function that gathers the categories (from the DB and from the preview) and passes them to the parser, this would be perfect.
Is there some dataflow chart or something on the web, where the parsing mechanism is explained?
Cheers,
- Moritz