[pmwiki-users] To disable html markup on publically-editable pages
Patrick R. Michaud
pmichaud at pobox.com
Thu Nov 23 13:28:20 CST 2006
On Sat, Nov 18, 2006 at 06:01:26PM +0000, Lucian Wischik wrote:
> The cookbook has a page about enabling html.
> http://www.pmwiki.org/wiki/Cookbook/EnableHTML
> Someone asked how to have html in general, but disable it for
> publically-editable pages. PM recently suggested ROSPatterns.
> I came up with the following code, which seems to work.
> Does it look correct, please?
>
> if (!CondAuth($pagename,"admin"))
> { $ROSPatterns["/(:html:)/i"] = "";
> $ROSPatterns["/(:htmlend:)/i"] = "";
> }
However, note that the $ROSPattern needs some
backslashes in it, otherwise the parens remain:
$ROSPatterns["/\\(:html:\\)/i"] = "";
$ROSPatterns["/\\(:htmlend:\\)/i"] = "";
You might also wish to simply change the markup,
rather than eliminating it, so that an admin can
easily find where the (:html:)'s belong and
put them back:
$ROSPatterns["/\\(:html:\\)/i"] = "[:html:]";
$ROSPatterns["/\\(:htmlend:\\)/i"] = "[:htmlend:]";
> Do people agree that these ROSPatterns make (:html:)...(:htmlend:) safe?
It seems to me like we might be overlooking something here,
but I haven't seen a case where this would be a big
issue. Just be sure that whatever surrounds the (:html:)...(:htmlend:)
doesn't have any includes of other pages, or things like that.
Pm
More information about the pmwiki-users
mailing list