[pmwiki-users] Feature request: Action lists in skins

Hans design at flutesong.net
Mon Apr 18 05:54:42 CDT 2005


Monday, April 18, 2005, 8:55:05 AM, Joachim wrote:
> However, the selection of available actions is critical to the security
> of the entire site. It's function, not form - and it should go to PHP.

Selecting actions to be displayed as links in pages is not critical to
security, because any available action can be typed into the url
address bar, so it does not matter what action links are seen on the
page. What get displayed and where what stays hidden is for the
convenience of the users and for the look mostly. If one wants to
disallow certain actions one need to disable or not enable them in
config.php, so they won't be accessible through the address bar
either.

So the display of action links in a skin is both a matter of form and
function, and not critical for site security.

Looking at the wikis which use gemini skin I observe that all of them
changed the pmwiki default selection of action links to whatever
they preferred for their site, so I see great merit in easy action
link customisation.

If ever users can choose individual configurations through
authentication profiles, then wiki pages seem the most obvious place
for easy action link configuration.

Meanwhile I try, as skin designer,  to give authors maximum
possibilities in choosing which links they want for certain groups and
pages, and ways of easily hiding action link bars through special
markup. Combine this with conditional markup and easy customisation
possibilities are endless.

Conditional markup is useful to hide certain links and display other
ones if wanted, but as Pm said it is not a security feature. Same with
which links are displayed by a skin and which not.


Best, 
~Hans                           




More information about the pmwiki-users mailing list