Hi Rowan,
first of all thanks for analyzing my code :-)
Unfortunately, I've found 2 major problems with
this:
This is bad :-/ But you should know that I'm not expecting this piece of code
to work without any side effects, since user management is far more
complicated than a few lines :-) I don't think that I will have any user
that I don't know personally in my wiki, so my solution doesn't have to be
perfectly secure. But it would be nice, of course :-)
Firstly, it allows any user to lock themselves
That's one thing I can tolerate.
Secondly, the content can be viewed by using the
"preview" function:
But this I'd like to fix!
I guess it would be best to include some check after the page has been parsed,
but before it gets displayed. If there is a function that gathers the
categories (from db and from preview) and passes them to the parser, this
would be perfect.
Is there some dataflow chart or something on the web where the parsing
mechanism is explained?
Cheers,
- Moritz