[pmwiki-users] variables for customization
Patrick R. Michaud
pmichaud at pobox.com
Thu Jul 7 09:13:21 CDT 2005
On Thu, Jul 07, 2005 at 04:00:41PM +0200, Joachim Durchholz wrote:
> >>In other words: if it looks the same, it should mean the same. If I find
> >>$PageName in a format string, the naming is consistent with
> >>(case-insensitive!) $pagename in the PHP code, so we expect the
> >>semantics to be consistent.
> >
> >Please-please-please, how many times do I have to repeat that the
> >$PageName substitution has been deprecated (since 2.0.devel14), thus
> >this particular mis-correspondence no longer exists!?!?
>
> Um... the persistence that $PageName crops up with just *might* be an
> indicator how strong the drive towards unified naming is ;-)
No, I think it's an indicator that you believe that $PageName (the
substitution) means the same thing as the $pagename variable. They
don't mean the same thing, which is why their names are no longer
"unified" and shouldn't be unified.
> >>>1. Things like "{$Group}" and "{$LastModified}" are *markup*.
> >>> You can call them "variables" or "markup variables" if it pleases
> >>> you, but they don't really exist as variables anywhere in the
> >>> PmWiki code, nor is there an enforced correspondence between them
> >>> and any PHP variable.
> >>
> >>My suggestion is to establish such a correspondence.
> >
> >Sorry, won't go there -- I fear it might be a bad idea from a
> >security perspective. Establishing this correspondence means that
> >a (malicious) author can use markup to inspect the value of global
> >variables.
>
> No, no, no. The idea is that *if* a PHP global is available for
> substitution, the placeholder should look the same as the variable.
Oh, once again, that already exists -- in PmWiki all of the
placeholders' names exactly correspond with their substitutions.
> ... well, whatever the details: the one thing that I really, really,
> really would like to see is that a name like $Group means the same,
> whether it's a PHP global, a placeholder, or {$var} markup. The only
> variation that I'd find justified is if a name is unavailable.
{$Group} markup and the "$Group" substitution always refer to the
group of the page being referenced. There is no $Group global
variable, because doing so interferes with the $Group substitution
used by FmtPageName() to determine the group of pages other than
the current one.
Pm
More information about the pmwiki-users
mailing list