[pmwiki-users] To disable html markup on publically-editable pages

Patrick R. Michaud pmichaud at pobox.com
Thu Nov 23 13:28:20 CST 2006


On Sat, Nov 18, 2006 at 06:01:26PM +0000, Lucian Wischik wrote:
> The cookbook has a page about enabling html.
> http://www.pmwiki.org/wiki/Cookbook/EnableHTML
> Someone asked how to have html in general, but disable it for
> publically-editable pages. PM recently suggested ROSPatterns.
> I came up with the following code, which seems to work.
> Does it look correct, please?
> 
> if (!CondAuth($pagename,"admin"))
> { $ROSPatterns["/(:html:)/i"] = "";
>   $ROSPatterns["/(:htmlend:)/i"] = "";
> }

However, note that the $ROSPattern needs some
backslashes in it, otherwise the parens remain:

   $ROSPatterns["/\\(:html:\\)/i"] = "";
   $ROSPatterns["/\\(:htmlend:\\)/i"] = "";

You might also wish to simply change the markup,
rather than eliminating it, so that an admin can
easily find where the (:html:)'s belong and
put them back:

   $ROSPatterns["/\\(:html:\\)/i"] = "[:html:]";
   $ROSPatterns["/\\(:htmlend:\\)/i"] = "[:htmlend:]";

> Do people agree that these ROSPatterns make (:html:)...(:htmlend:) safe?

It seems to me like we might be overlooking something here,
but I haven't seen a case where this would be a big
issue.  Just be sure that whatever surrounds the (:html:)...(:htmlend:)
doesn't have any includes of other pages, or things like that.

Pm




More information about the pmwiki-users mailing list