[pmwiki-users] To disable html markup on publicly-editable pages

Lucian Wischik lu.gmane at wischik.com
Sat Nov 18 12:01:26 CST 2006


The cookbook has a page about enabling html.
http://www.pmwiki.org/wiki/Cookbook/EnableHTML
Someone asked how to have html in general, but disable it for
publicly-editable pages. PM recently suggested ROSPatterns.
I came up with the following code, which seems to work.
Does it look correct, please?

// For editors without admin rights, strip the html directives on save.
if (!CondAuth($pagename, "admin")) {
  $ROSPatterns["/(:html:)/i"] = "";
  $ROSPatterns["/(:htmlend:)/i"] = "";
}

My idea is that if someone has admin privileges, then on any page they
work on, they should be allowed to use the (:html:)...(:htmlend:) markup.
Even on the publicly-editable comments page. But as soon as someone
comes along without admin privileges and they edit a page, then their
use of (:html:)...(:htmlend:) is disabled. The worst they can do is remove
some markup that was put there by an administrator. They can't do anything
actually bad.

Do people agree that these ROSPatterns make (:html:)...(:htmlend:) safe?


-- 
Lucian
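
Added example, not part of the original post and not PmWiki's own code: a stand-alone PHP check of what the two posted patterns actually match, next to a variant with the parentheses escaped. `apply_ros()` and `apply_ros_stable()` are hypothetical helpers that assume replace-on-save patterns are applied in order with `preg_replace()`, and the sample page text is constructed.

```php
<?php
// Added example, not PmWiki code: apply_ros() is a hypothetical stand-in that
// assumes replace-on-save patterns are applied in order with preg_replace().
function apply_ros(array $patterns, string $text): string {
    foreach ($patterns as $pat => $rep) {
        $text = preg_replace($pat, $rep, $text);
    }
    return $text;
}

// Repeat the pass until the text stops changing, so the result of one removal
// is itself checked again before it is stored.
function apply_ros_stable(array $patterns, string $text): string {
    do {
        $before = $text;
        $text = apply_ros($patterns, $text);
    } while ($text !== $before);
    return $text;
}

// Patterns exactly as posted: the unescaped ( ) form a regex capture group,
// so the text matched is the inner ":html:" / ":htmlend:".
$posted = [
    "/(:html:)/i"    => "",
    "/(:htmlend:)/i" => "",
];

// Variant with the parentheses escaped so they match literally.
$escaped = [
    "/\\(:html:\\)/i"    => "",
    "/\\(:htmlend:\\)/i" => "",
];

// Constructed sample page text.
$sample = "Intro (:html:)<b>bold</b>(:htmlend:) and a plain :html: mention.";

echo "posted : ", apply_ros_stable($posted, $sample), PHP_EOL;
echo "escaped: ", apply_ros_stable($escaped, $sample), PHP_EOL;
```

With the posted patterns the directives are broken but empty `()` pairs remain and the bare `:html:` text is removed as well; the escaped variant removes only the complete directives.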




