[pmwiki-devel] Regex and recipe philosphy

michael paulukonis xraysmalevich at gmail.com
Tue Jul 16 16:13:50 CDT 2013


Simon, I'm not clear on what your use-case is for documenting how to
rewrite ParseArgs.

You seem to be hinting at a potential security issue; if this is the case,
could you articulate?



-Michael Paulukonis
http://www.xradiograph.com
<http://goog_2112721603>Interference Patterns (a
blog)<http://www.xradiograph.com%5Cinterference>
@XraysMonaLisa <https://twitter.com/XraysMonaLisa>
http://michaelpaulukonis.com
<http://www.BestAndroidResources.com>

Sent from somewhere in the Cloud
(hearthrug, by the fender)


On Sun, Jul 14, 2013 at 5:28 AM, Simon <nzskiwi at gmail.com> wrote:

> Thank you everyone for your helpful feedback and answers.
>
> I have uploaded the first version of the recipe
> http://www.pmwiki.org/wiki/Cookbook/NZTopo
> (testing it here<http://khandallah.wellington.net.nz/pmwiki/pmwiki.php/Main/WikiSandbox>),
> as an inexperienced PHP developer treat me gently!
>
> Let me add to the discussion to say while there is a accepted method of
> doing this and thats fine,
> that it seems to me that for both security and usability reasons better
> definition of markup directive parameters is a good thing.
>
> This is where PmWiki could help out recipe writers to some extent with,
> for example, a precursor function to ParseArgs that might say DefineArgs,
> allowing regex definition of individual arguments and supporting use of
> arguments in any order.
>
> thanks
>
> Simon
>
>
> On 14 July 2013 01:22, Peter Bowers <pbowers at pobox.com> wrote:
>
>>
>> On Fri, Jul 12, 2013 at 11:39 PM, Simon <nzskiwi at gmail.com> wrote:
>>
>>> most directives accept anything within their scope, then use
>>> $arg = ParseArgs($args);
>>>
>>> Then the arguments defined are processed, and any unexpected arguments
>>> are disregarded.
>>>
>>> So my corollary question is:
>>> Is this good practice, or just expedient, given the difficulty (as I
>>> perceive it) of defining a parameter list in regex?
>>>
>>
>> Yes, both. It's good practice as well as being expedient.  As already
>> mentioned ParseArgs() is well-tested, elegant code which saves a developer
>> a ton of time.  At the same time its ability to handle positional or named
>> parameters and to allow parameters to be specified in any order allows
>> great flexibility on the part of users entering markup in pages (consider
>> how difficult it would be if you had to remember the exact order of each
>> parameter in a complex markup such as pagelist).
>>
>> -Peter
>>
>
>
> _______________________________________________
> pmwiki-devel mailing list
> pmwiki-devel at pmichaud.com
> http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.pmichaud.com/pipermail/pmwiki-devel/attachments/20130716/2c6516f7/attachment.html>


More information about the pmwiki-devel mailing list