[pmwiki-users] Text variables & ZAP...

The Editor editor at fast.st
Thu Oct 12 17:22:28 CDT 2006


On 10/12/06, Patrick R. Michaud <pmichaud at pobox.com> wrote:
> On Thu, Oct 12, 2006 at 01:09:25PM -0400, The Editor wrote:
> > part 1:  Getting text variables to work with current ZAP format
> > [...]
> > The data pages store info as:
> > field="value"
> >
> > I have this line in my config.php file:
> > $PDataPattern[] = '/^(\\w+)="(.*?)"/m';
>
> It's $PageTextVarPatterns[], not $PDataPattern.

Ahh.  Guess it changed from the original plans.  My mistake.  Got the
code from an old post.

> > Also, can you just set the pattern in local config files for the
> > actual pages calling the pagelist?
>
> Yes.

So I can set it for one page, and all the pages that are returned on
the pagelist will be scanned through this pattern.  I'm actually quite
a bit concerned about security on ZAP, as text variables make
everything completely open.  Even in a protected comment box unless I
try disabling the markup somehow.  What would you suggest to avoid a
user entering somewhere:

{Profiles.AdminName{$:Password}}  (or whatever the correct syntax is)

I'm thinking I'll set an option to store in either format, use the one
for more secure data, and the other for general kinds of data, and
then use the pattern matching if and where I need to for specific
pagelists.

> > As noted above the old format saves it as field="value".  Which might
> > be an advantage, in that users CAN'T extract text variables if you
> > don't let them (by setting the PDataPattern).
> >
> > (ie {Profiles.AdminName$:Password}...
> >
> > Just the same, I would like to be able to use a better formatting,
> > such as  field: value.  I can get the data to save fine but not sure
> > how to do the reading both ways.
>
> Easiest would be to use the same sort of code that PmWiki does to
> read them -- see the PageTextVar() function for the way that PmWiki
> manages the parse.

After looking awhile I finally found it in the stmarkup.php file.  But
wowsers!  What a mess of code!  I got to learn this pattern matching
stuff.  It's powerful! But incomprehensible. My solution seems to work
well enough though, for the moment.

Looking at the code, it seems to me that if you use

$PageTextVarPatterns[] = '/^(\\w+)="(.*?)"/m';

you invalidate all the existing patterns.  But if you did something like:

$PageTextVarPatterns['f="v"'] = '/^(\\w+)="(.*?)"/m';

it seems it would add one more element to the array and enable you to
read any of the alternatives.  Is that correct? That would be useful
while the various ZAP pages switch between the two syntaxes (if I
decide to do that).

This was a great day today for ZAP!  Real excited about being able to
use the text vars.  I also noted on the roadmap you put up, that you
have the new forms markup soon on the agenda.  Great!

Cheers,
Caveman
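
Added example, not part of the original message and not PmWiki or ZAP code: a stand-alone PHP sketch of the two storage formats discussed above, showing which fields become readable once the field="value" pattern from the thread is added under its own key. The sample page text, the simplified 'f: v' pattern and the readTextVars() helper are assumptions made for illustration.

```php
<?php
// Constructed sample data page: general data stored as "field: value",
// sensitive data stored as field="value" (the two formats in the thread).
$pageText = <<<'TXT'
Name: Alice
City: Springfield
Password="constructed-sample-secret"
Email="alice@example.org"
TXT;

// Hypothetical pattern list; the keys are labels only.
// 'f: v' is a simplified pattern written for this example, not PmWiki's own.
$generalPatterns = array(
  'f: v' => '/^(\\w+):[ \\t]*(.*?)[ \\t]*$/m',
);

// The field="value" pattern quoted in the thread, added under its own key.
$withQuoted = $generalPatterns;
$withQuoted['f="v"'] = '/^(\\w+)="(.*?)"/m';

// Hypothetical helper: collect name => value using every pattern in the list.
function readTextVars($text, array $patterns) {
  $vars = array();
  foreach ($patterns as $pat) {
    if (preg_match_all($pat, $text, $matches, PREG_SET_ORDER)) {
      foreach ($matches as $m) {
        // First definition of a name wins.
        if (!isset($vars[$m[1]])) $vars[$m[1]] = $m[2];
      }
    }
  }
  return $vars;
}

$public = readTextVars($pageText, $generalPatterns);
$all    = readTextVars($pageText, $withQuoted);

// Fields that are readable only once the quoted pattern is enabled.
$exposed = array_diff_key($all, $public);

echo "general patterns only: ", implode(', ', array_keys($public)), "\n";
echo "with f=\"v\" enabled:    ", implode(', ', array_keys($all)), "\n";
echo "newly readable:        ", implode(', ', array_keys($exposed)), "\n";
```

Running it with the PHP CLI lists Name and City for the general pattern alone, and Password and Email as the fields that become readable only after the quoted pattern is added.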



