[pmwiki-users] New recipe: Fox

Hans design5 at softflow.co.uk
Wed Dec 20 13:27:29 CST 2006


Wednesday, December 20, 2006, 2:22:01 PM, marc wrote:

> By removing

>   $Author = $AuthId;

> I can force author.php to set author from $_POST['author'] and create a
> comment while not logged in.

> This is not solution, because removing $Author = $AuthId will break 
> other things.

I use in config.php:

include_once("$FarmD/scripts/authuser.php");

if ($AuthId) {
  $Author = $AuthId;
  setcookie('author',$Author,0,'/');
}
include_once("$FarmD/scripts/author.php");

so $Author = $AuthId; is only set if authuser.php is loaded (which
defined $AuthId).

Re: Fox
Fox does not do anything with the author value. In the commentbox
example the author value is simply used in the template to fill in a
name in the message header. And it is conveniently populated with
{$Author} in the form.

Still it is perplexing that saving  a post or deleting  a post is not
possible when no author is defined, even when both authuser.php and
author.php are not loaded. I find that it seems to depend on

$EnablePostAuthorRequired = 1;

setting it to zero or commenting the line makes it possible to post
and to delete posts with fox, even with no author supplied.

Fox is doing very little or nothing to validate field input.
CommentBoxPlus is still more clever there, as it checks at least via
javascript if you have entered text and an author name. It is easier
to program since the form gets defined within the script.
Fox on the other hand relies on the PmWiki Input controls.
One can develop customised versions which will use minimum javascript
input validation. But this is not up to Fox.


Hans





More information about the pmwiki-users mailing list