Item12875: Add controls on some debugging options
Priority: Security
Current State: Closed
Released In: 2.0.0
Target Release: major
Applies To: Engine
Component: Configure
Branches: trunk
A few things probably ought to be restricted.
--
GeorgeClark - 29 Apr 2014
It's possible to bypass security enforcing plugins, like AntiwikiSpamPlugin, SafeWikiPlugin, etc. by using the debugenabledplugins url param. This should probably be disabled by default.
Since it could be sent in a url to an admin user, this should be disabled for all users, not just logged-in users, or even the admin group.
# **BOOLEAN**
# Enable this to allow use of the <tt>debugenabledplugins</tt> URL param.
# This parameter could be used to disable security related extensions, and it is not recommended to be enabled.
$Foswiki::cfg{AccessControl}{debugenabledplugins} = 0;
--
GeorgeClark - Apr 2014
My view is more radical; debugenableplugins should only be enabled when DEBUG is enabled.
DONE in distro:da599d92f86b
--
CrawfordCurrie - 03 May 2014
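Added example (not Foswiki's own code and not part of this task): a stand-alone Perl script contrasting the unrestricted handling of the debugenableplugins URL parameter with a gate that honours it only when both the engine DEBUG switch and the {AccessControl}{debugenabledplugins} flag proposed above are set. The %cfg and %params hashes, the installed plugin list and the {DEBUG} key name are constructed assumptions for illustration, not Foswiki's real structures.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for %Foswiki::cfg; only the two keys this example
# consults are present. The {DEBUG} key name is an assumption.
my %cfg = (
    DEBUG         => 0,
    AccessControl => { debugenabledplugins => 0 },
);

# Constructed stand-in for the request parameters of one URL.
my %params = (
    debugenableplugins => 'Foswiki::Plugins::SomeHarmlessPlugin',
);

# Constructed list of installed plugins; the first two stand in for the
# security-enforcing extensions named in the comments above.
my @installed = qw(
    Foswiki::Plugins::AntiwikiSpamPlugin
    Foswiki::Plugins::SafeWikiPlugin
    Foswiki::Plugins::SomeHarmlessPlugin
);

# Weak behaviour: the URL parameter is always honoured, so whoever gets a
# link clicked restricts the plugin set to whatever the link names.
sub enabled_plugins_unrestricted {
    my ( $params, @all ) = @_;
    return @all unless defined $params->{debugenableplugins};
    my %keep = map { $_ => 1 } split /\s*,\s*/, $params->{debugenableplugins};
    return grep { $keep{$_} } @all;
}

# Hardened behaviour: the parameter is honoured only when the engine debug
# switch and the explicit AccessControl flag are both on; otherwise it is
# logged and ignored, so the full plugin set (security plugins included) loads.
sub enabled_plugins_gated {
    my ( $cfg, $params, @all ) = @_;
    my $allowed = $cfg->{DEBUG} && $cfg->{AccessControl}{debugenabledplugins};
    if ( defined $params->{debugenableplugins} && !$allowed ) {
        warn "debugenableplugins supplied but not permitted by configuration; ignored\n";
        return @all;
    }
    return enabled_plugins_unrestricted( $params, @all );
}

print "unrestricted: ", join( ' ', enabled_plugins_unrestricted( \%params, @installed ) ), "\n";
print "gated:        ", join( ' ', enabled_plugins_gated( \%cfg, \%params, @installed ) ), "\n";

# Turning both switches on restores the developer convenience deliberately.
$cfg{DEBUG} = 1;
$cfg{AccessControl}{debugenabledplugins} = 1;
print "gated+debug:  ", join( ' ', enabled_plugins_gated( \%cfg, \%params, @installed ) ), "\n";
```

With the default (both switches off) the gated variant loads all three plugins and writes a warning to stderr, which is the line an administrator would watch for in the error log; the unrestricted variant drops the two security plugins on the same request.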
Added LynnwoodBrown to waiting for .... he is looking into some template changes to hide history links which might be handy.
--
GeorgeClark - 05 Nov 2014
I don't think the example I was showing someone on irc (link to log) is too relevant here. As I understand the above discussion, the proposed feature would specifically disable certain security-related plugins. I was simply showing how to override default template definitions. Turns out it was trickier than I first thought because the %REVISIONS% macro would not expand inside an IF macro. But that's another discussion...
--
LynnwoodBrown - 05 Nov 2014