[pmwiki-users] How to apply page security to page variables

Petko Yotov 5ko at 5ko.fr
Mon Feb 21 02:54:52 CST 2011


On Sunday 20 February 2011 03:38:38, Randy Brown wrote :
> I found the answer to the first part of my question in pmwiki.php.
> Apparently, here is what you can add to your config.php:
> 
> ## This ensures the listed page variables are controlled by page
> permissions $FmtPV['$LastModifiedSummary'] = '@$authpage["csum"]'; #
> instead of '@$page["csum"]' $FmtPV['$LastModifiedBy'] =
> '@$authpage["author"]';
> $FmtPV['$LastModifiedTime'] = '@$authpage["time"]';
> $FmtPV['$Title'] = 'FmtPageTitle(@$authpage["title"], $name, 0)';
> $FmtPV['$Titlespaced'] = 'FmtPageTitle(@$authpage["title"], $name, 1)';
> $FmtPV['$Description'] = '@$authpage["description"]';

Correct. 

> I'm still wondering about the relevance of where it's placed in config.php
> and the potential for this security to be inadvertently overridden by
> other recipes.

The $authpage settings should be placed before any function or recipe calls 
the PageVar or the PageTextVar functions. You can place them near the 
beginning of config.php before you include other scripts.

Thanks,
Petko



More information about the pmwiki-users mailing list