[pmwiki-users] Retain markup expressions inside input and textareas

DaveG pmwiki at solidgone.com
Sun Dec 28 21:52:31 CST 2008 

Thanks for taking the time to respond Petko.

Petko Yotov wrote:
> Allowing users to add (:directives:) may be risky, they could add 
> (:noaction:), (:noleft:), (:noheader:), (:notitle:), (:redirect SomeWhere:), 
> (:linebreaks:) and other possibly dangerous / defacing markups like (:if 
> false:)
In this case security isn't an issue.


> If you really want to allow directives with "(:" and ":)" in posts of PmForm, 
> you can define another "PTV Pattern", and remove the existing one:
> 
> unset($PmFormPostPatterns); # or each one individually
> unset($PageTextVarPatterns['(:var:...:)']);
> $PageTextVarPatterns['(==var:...==)'] =
>   '/(\\(== *(\\w[-\\w]*) *:(?!\\))\\s?)(.*?)(==\\))/s';
Thanks for pointing me to PageTextVarPatterns -- I wasn't aware of that. 
However, your change seemed to cause some problems with other parts of 
the cookbook, that required the use of variable on the page -- which now 
aren't variables in the sense that they were being looked for (in the 
format (:xxx:yyy:).

> Note that this is a big change in how people use PageTextVariables in their 
> pages, so if someone is already using them, they may not want to change all 
> in order to use your recipe.
In this case I can restrict the change to only the pages I need, so not 
too big an issue, but still a potential problem.


> P.S. If you just need to add content in a page, but not edit it later in 
> PmForms, you could possibly add some (:directive:) in your local templates. 
> See how the user input is handled at PmForm:Comments and PmfTemplates:
>   http://www.pmwiki.org/pmform/PmForm/Comments
>   http://www.pmwiki.org/pmform/Site/PmFormTemplates
I'd actually used these as a basis for what I was trying to do.

At this point though it looks like there really is no good way to 
provide an alternate entry point for wiki markup type text. What I was 
hoping to do was something similar to Cookbook/EditMore -- provide some 
additional entry fields to be stored as variables on a wiki page. I got 
98% of the way there, with the final nail in the coffin being the markup. :(

At this point I think I'll just abandon the idea of having nice entry 
forms, and simply require the user to manually enter the in-page 
variable markup (:var:xxx:), and store the 'body' in the actual page.

Thanks for the help Petko.

  ~ ~ Dave

More information about the pmwiki-users mailing list