[pmwiki-devel] strange conversions: a FmtPageName bug
Hans
design5 at softflow.co.uk
Sun Mar 9 06:55:17 CDT 2008
Sunday, March 9, 2008, 2:33:29 AM, Patrick wrote:
> Also, as a general rule it's unwise to be calling FmtPageName()
> on strings that are coming from page markup, as this exposes
> the ability for people to view the values of variables that
> perhaps they shouldn't see. This is also why page variables
> (which come from markup) use PageVar() and PageTextVar() and
> don't go through FmtPageName().
I am not sure what to make of this.
I am only trying to read an edit template.
As I said originally:
I am trying to load an edit form with
$HandleEditFmt = array(&$PageStartFmt, &$PageEditFmt, &$PageEndFmt);
PrintFmt($pagename, $HandleEditFmt);
$PageEditFmt gets retrieved from a template on a EditForm page.
FmtPageName is used by the PrintFmt function, which replaces
variables handed to it in this case from $HandleEditFmt.
So if $HandleEditFmt (via $PageEditFmt) contains for instance
replacement variables like '{$$text}' the '$'t gets replaced with 'read'.
How can this be avoided?
Hans
More information about the pmwiki-devel
mailing list