In my wiki I have branches that are open to the public, and branches that require login. I placed a REDIRECT directive in a private branch and was expecting the redirect not to be executed unless logged in.
However, to my surprise, the redirect was executed from the private branch, even when not logged in. This means that content of a page was exposed to a user without privileges (the information in the redirect statement). I was hoping I would be able to shield the information in the REDIRECT directive from a user without privileges.
I found this behavior concerning. (Nothing bad happened, though, since I happened to test it and immediately realized the issue.)
In my wiki I have branches that are open to the public, and branches that require login. I placed a REDIRECT directive in a private branch and was expecting the redirect not to be executed unless logged in. However, to my surprise, the redirect was executed from the private branch, even when not logged in. This means that content of a page was exposed to a user without privileges (the information in the redirect statement). I was hoping I would be able to shield the information in the REDIRECT directive from a user without privileges. I found this behavior concerning. (Nothing bad happened, though, since I happened to test it and immediately realized the issue.)