[pmwiki-devel] ZAP configuration fields (was: PmWiki request)
Ben Stallings
Ben at InterdependentWeb.com
Tue Dec 12 10:31:25 CST 2006
Hans wrote,
> You know, seeing conditionals inside (:input :) markup makes me cringe.
> I know you try to create shorter syntax for ZAP.
> But you go against what people learned and know in PmWiki.
> You seem to have hijacked PmWiki's (:input:) markup
> and made something quite different out of it.
>
> To me any (:input ... :) should be only used to create form elements.
> Conditions as to when a form element shall be added to HTML output
> should stay out of the markup, as it is already possible with
> (:if ... :) markup. Manipulating any page variable used inside (:input
> :) should also stay outside of the markup.
It's easy to misunderstand what ZAP does with these tags... I did at
first, as well. All the (:input hidden :) tags in a ZAP form produce
actual hidden fields, via the core forms.php script, that are then
submitted with the form. The conditionals Caveman is proposing are not
for use when the form is displayed, they are for use when the form has
already been submitted. An (:if:) statement in the markup will not do
what he wants it to do, because it will affect the *display* of the form
rather than the *processing* of the form.
I've been lobbying Caveman off-list to move all of his configuration
variables out of hidden input fields and into page text variables,
because as input fields they potentially conflict with other field
names. I have a personal stake in this because I want ZAP to work with
databases whose fields have such generic names as "time" and "login".
Requiring admins to rename their database fields in order to work with
ZAP is not a good option, because frequently databases have to work with
other programs as well!
So in the syntax I'm waving in Caveman's direction, the tag
(:input hidden ifexists "parameter|action":)
would simply become
(:ifexists: "parameter|action":)
This would have the added benefit of removing the configuration
variables from the HTML code where people can tamper with them.
The only change to ZAP would be that it would need to read all the page
text variables off the current page (I've already found the code to do
this) and look there for its instructions, leaving $_POST free to carry
data only.
Can I get an amen? ;-) --Ben S.
More information about the pmwiki-devel
mailing list