Problem solved, thanks to Dave and Hans!
For me and my users, this should do the trick in local/config.php
$page = RetrieveAuthPage($pagename, 'read', true);
if ($page['passwdedit']) Markup(...);
But could I have known about $page['passwdedit'] in the first place?
Did I overlook some documentation page, or is it just a matter of
reading pmwiki source code
(and/or every contribution in this mailing list)?
Kind regards,
Frank
DaveG wrote:
> <<back on list>>
>
> On 10/1/2009 4:25 PM, Frank Schweickert wrote:
>>
>>> In order to check for edit access to a page use RetrieveAuthPage():
>>> RetrieveAuthPage($pagename, 'edit', true, 0)
>> Yes, but this test would enable a malicious <script> on a not-password
>> protected page for authorized editors, wouldn' it? (no good!)
>> I wanted to make sure that <script> tags are ignored on any page that
>> does not require any password,
>> i.e. that has no password set along the "authcascade" (I found that word
>> somewhere...),
>> but that <script> is honoured for any even anonymous user on a page that
>> has some edit password set (to make sure it is a good script)
> So you want to:
> # ignore <script> tags on non-password protected pages
> # honor <script> tags for all pages with edit password set
>
> As you point out the problem with the RetrieveAuthPage approach is
> that for non-password protected pages everyone has edit access. Then
> in that case I think you'd need to check the password page attribute
> (refer to the answers on my post earlier today "Setting page privs
> from config.php"). You can do that by using code similar to what Hans
> suggested:
>
> $page = RetrieveAuthPage($pagename, 'read', true);
> if (!$page) echo "?cannot read $pagename";
> if ($page['passwdedit']) { DEFINE MARKUP }
> else { BLANK OUT THE MARKUP }
>
>
> ~ ~ Dave
>
--
_______________________________________________________________________
Dr. Frank F. Schweickert
AMSTEL Institute, Faculty of Science, University of Amsterdam
Science Park 904, Amsterdam, Room C2-1.22
Postal address: Postbus 94224, 1090 GE Amsterdam
Phone: +31 20 525-8475 (secr. -5886)
http://www.science.uva.nl/amstel
http://www.natsim.net
_______________________________________________
pmwiki-devel mailing list
pmwiki-devel@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
