[pmwiki-users] Referencing Page Variables through multiple pages / use markup expressions as pagename base for page variable path / AuthUser htpasswd behavior

Petko Yotov 5ko at 5ko.fr
Mon Nov 7 04:51:32 CST 2011

On Monday 07 November 2011 03:03:33, a.sonderhoff at gassi-tv.de wrote :
> 1) Page1's title is set to something like “MyTitle” Page2's title is set to
> “{Page1$Title}” and Page3's title is set to “{Page2$Title}”. Is the
> expected behavior that Page3's title reads “{Page1$Title}” and not
> “MyTitle̦”? 

No, the expected behavior is to have plain text "MyTitle" in all 3 pages.

But if you now change the title of Page1, some things will not be updated 

The current design logic has two sources for a page title, one is the 
(:title...:) directive from the currently processed page, the other is the 
title attribute from the disk file of the current, or of a different page.

When you read a page, what is in its (:title...:) directive is evaluated and 
displayed as a title. By the time the directive is processed, all page 
variables and markup expressions have been expanded to their plaintext values.

When you edit and save a page, the same happens, and the evaluated plain text 
title is stored as an attribute of the disk file.

The disk file attribute is used in the {Page$Title} page variables and in the 
[[link|+]] links, but it is the plain text value of your (:title:) directive 
at the time of the save.

The disk file attribute is used for 3 reasons:
* speed, when many links or variables request other titles of other pages,
  we don't fully process all the external pages just to get their titles
* to correctly get a page title when its title directive comes from an
  included page like GroupHeader
* to allow different title directives with custom markups.

> 2) Is there a way to substring say {$Group} with markup
> expressions and use the returned string in a new pagename to retrieve a
> page variable (e. g. {NewGroup.{(substr("{$Group}" 10))}$Title}? 

As Peter pointed out, the markup expression should probably be 
  {(substr "{$Group}" 10)}

> 3) We are
> using AuthUser with some users in SiteAdmin/AuthUser and other users in a
> .htpasswd (defined in local/config.php). Whenever rights attributes from
> pages are changed, the users defined in SiteAdmin/AuthUser are immediately
> logged out by force. the users defined in the .htpasswd are not logged out
> and ignore the new rights attributes until they log out manually. Can
> someone explain why .htpasswd users are handled differently? To me this
> looks like a potential security threat.

They should not be handled differently. The user who changes the attributes or 
passwords is logged out automatically, whether s/he is authenticated from 
config.php, SiteAdmn.AuthUser or .htpasswd.

The currently logged in users shouldn't ignore the new page attributes, 
because they are calculated every time a page is accessed.


More information about the pmwiki-users mailing list