[pmwiki-users] ZAP and "fun with forms"

The Editor editor at fast.st
Fri Apr 20 08:47:27 CDT 2007


On 4/20/07, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Fri, Apr 20, 2007 at 05:39:10AM -0400, The Editor wrote:
> > [...] I'm curious what mechanism Pm is using to
> > validate each post submission for authenticity.
>
> At the moment, one has to have edit permission on a page in order
> to post to it.
>
> > It may not be that
> > critical for  PTV replacement, but for deleting pages, resetting
> > passwd attributes, sending emails, or authenticating members, Pm may
> > recommend tougher security.
>
> I would definitely recommend tougher security for this, and I don't
> have any plans to use this interface for deleting pages, resetting
> password attributes, sending emails, authenticating members, etc.

Yes, that's what I suspected.

> > ZAP may also wait till the page insertion (comments) come out, as that
> > will also make a major impact on how it (and Fox) works. That way
> > there could be one major upgrade instead of two. I suspect this is
> > likely to be done soon now that Pm is in heart of the forms processing
> > phase of this round of beta development. I think that is one of the
> > last things still slated on his roadmap.
>
> Yes, it is one of the last things on the roadmap, and part of the
> reason for this "push" in development (I want to get 2.2.0 out of
> beta).

I'm looking forward to it. My plans are to try and bring ZAP out of
beta at about the same time, freeze it, and maintain that version as a
lasting stable release. Any future work with ZAP (not that I have
anything major in mind) will be done on an optional "latest" release.
This should make it much more useful to developers working with ZAP.
: )

> > I'm wondering if Pm, or any current ZAP users have input on the
> > direction ZAP should pursue?
>
> Since ZAP's goals are somewhat different from mine, I don't have
> any real recommendations.  None of the code that I've been implementing
> should have any direct negative impact on ZAP.

I think perhaps you are right. The more I think about it, the more
likely ZAP will continue to function as it does now, though there are
a couple nice things with what you've done I like.  It threw me at
first when you used the editform=... in the url, but now that I see
how it works, something like that could be very useful for ZAP forms
as well. I also like the $:field syntax for prepopulating fields, and
may see if I can't find a way to incorporate it into ZAP.

Thanks again for your skilled leadership Pm.  Always an inspiration.

Cheers,
Dan



More information about the pmwiki-users mailing list