[pmwiki-devel] ZAP configuration fields (was: PmWiki request)

Ben Stallings Ben at InterdependentWeb.com
Tue Dec 12 10:31:25 CST 2006

Hans wrote,
> You know, seeing conditionals inside (:input :) markup makes me cringe.
> I know you try to create shorter syntax for ZAP.
> But you go against what people learned and know in PmWiki.
> You seem to have hijacked PmWiki's (:input:) markup
> and made something quite different out of it.
> To me any (:input ... :) should be only used to create form elements.
> Conditions as to when a form element shall be added to HTML output
> should stay out of the markup, as it is already possible with
> (:if ... :) markup. Manipulating any page variable used inside (:input
> :) should also stay outside of the markup.

It's easy to misunderstand what ZAP does with these tags... I did at 
first, as well.  All the (:input hidden :) tags in a ZAP form produce 
actual hidden fields, via the core forms.php script, that are then 
submitted with the form.  The conditionals Caveman is proposing are not 
for use when the form is displayed, they are for use when the form has 
already been submitted.  An (:if:) statement in the markup will not do 
what he wants it to do, because it will affect the *display* of the form 
rather than the *processing* of the form.

I've been lobbying Caveman off-list to move all of his configuration 
variables out of hidden input fields and into page text variables, 
because as input fields they potentially conflict with other field 
names.  I have a personal stake in this because I want ZAP to work with 
databases whose fields have such generic names as "time" and "login". 
Requiring admins to rename their database fields in order to work with 
ZAP is not a good option, because frequently databases have to work with 
other programs as well!

So in the syntax I'm waving in Caveman's direction, the tag
(:input hidden ifexists "parameter|action":)
would simply become
(:ifexists: "parameter|action":)
This would have the added benefit of removing the configuration 
variables from the HTML code where people can tamper with them.

The only change to ZAP would be that it would need to read all the page 
text variables off the current page (I've already found the code to do 
this) and look there for its instructions, leaving $_POST free to carry 
data only.

Can I get an amen?  ;-)  --Ben S.

More information about the pmwiki-devel mailing list