[pmwiki-users] Retain markup expressions inside input and textareas
pmwiki at solidgone.com
Sun Dec 28 21:52:31 CST 2008
Thanks for taking the time to respond Petko.
Petko Yotov wrote:
> Allowing users to add (:directives:) may be risky, they could add
> (:noaction:), (:noleft:), (:noheader:), (:notitle:), (:redirect SomeWhere:),
> (:linebreaks:) and other possibly dangerous / defacing markups like (:if
In this case security isn't an issue.
> If you really want to allow directives with "(:" and ":)" in posts of PmForm,
> you can define another "PTV Pattern", and remove the existing one:
> unset($PmFormPostPatterns); # or each one individually
> $PageTextVarPatterns['(==var:...==)'] =
> '/(\\(== *(\\w[-\\w]*) *:(?!\\))\\s?)(.*?)(==\\))/s';
Thanks for pointing me to PageTextVarPatterns -- I wasn't aware of that.
However, your change seemed to cause some problems with other parts of
the cookbook, that required the use of variable on the page -- which now
aren't variables in the sense that they were being looked for (in the
> Note that this is a big change in how people use PageTextVariables in their
> pages, so if someone is already using them, they may not want to change all
> in order to use your recipe.
In this case I can restrict the change to only the pages I need, so not
too big an issue, but still a potential problem.
> P.S. If you just need to add content in a page, but not edit it later in
> PmForms, you could possibly add some (:directive:) in your local templates.
> See how the user input is handled at PmForm:Comments and PmfTemplates:
I'd actually used these as a basis for what I was trying to do.
At this point though it looks like there really is no good way to
provide an alternate entry point for wiki markup type text. What I was
hoping to do was something similar to Cookbook/EditMore -- provide some
additional entry fields to be stored as variables on a wiki page. I got
98% of the way there, with the final nail in the coffin being the markup. :(
At this point I think I'll just abandon the idea of having nice entry
forms, and simply require the user to manually enter the in-page
variable markup (:var:xxx:), and store the 'body' in the actual page.
Thanks for the help Petko.
~ ~ Dave
More information about the pmwiki-users