Patrick R. Michaud
pmichaud at pobox.com
Sat Jul 12 07:11:35 CDT 2003
On Sat, Jul 12, 2003 at 01:43:03PM +0200, Ruediger Marwein wrote:
> So I took a look at the code and implemented several changes which would be
> nice to have. In detail:
> 1. ability to set session name via variable ($SessionName)
Does this need to be done by a separate variable? In local.php, instead
$SessionName = 'my_session_name';
couldn't the administrator instead just do
and get the same result? I.e., does session_name *have* to go in upload.php?
> 2. use of a seperate hash key for the session entry to not accidently
> overwrite something elsewhere. (['PmWiki']['authpw'])
Would it be okay to do ['PmWiki-authpw'] instead of ['PmWiki']['authpw']?
Somehow creating the separate hash key seems overkill to me. I could even
make the 'authpw' string a configuration variable.
> 3. include posted stuff in the form as hidden fields for the case to have an
> unexcpected end of session after writing lots of text.
I agree this could be a problem--I'll have to look at this patch a bit.
Usually hidden fields in forms have to be managed with stripslashes()
by the PHP code, in case any of the fields contain slashes or
> Another thing:
> I see the $HTTP_*-vars everywhere... since php 4 those variables are there
> for backward compatibility. But as PmWiki does not run with earlier versions
> those should be replaced by the new $_GET,$_POST etc. to be up to date.
Actually, the $_GET, $_POST etc. variables weren't available until PHP 4.1.0.
Since (as far as I know) PmWiki still runs with PHP 4.0.x, I've stuck with
the $HTTP_* vars to maintain compatibility with those installations that
happen to have PHP 4.0.x (yes, I think some still exist). At some point
I'll switch over to the $_GET,$_POST,etc. vars, but don't see a need to
change before I'm forced to do it, such as when PHP comes out with a new
version that no longer supports the $HTTP_* vars.
Thanks for the excellent suggestions!
More information about the pmwiki-users