This is a static dump of issues in the old "Flyspray" bugtracker for DokuWiki. Bugs and feature requests are now tracked at the
issue tracker at Github
FS#2180 Managers can execute any admin->handle() method
ACL & Authentication
A user in the manager group always execute the handle() method of a admin plugin (but may not see any results, depending on forAdminOnly property). Not a big problem, but probably not intended.
I can't find not any more ACL checks between act_permcheck(), the attempt to load the plugin and following call to ->handle() in actions.php
Or have I missed something?