On Tuesday 13 November 2007, Patrick R. Michaud wrote:
> However, as I mentioned above, at present I *am* a bit more
> open to the idea than I have been in the past, so if there are
> any cool ideas about how to overcome the security issues without
> too much work, now would be an excellent time to bring them forward.
Hello Patrick.
Here is some code I plan to use:
$SiteAttributesVars = array(
'$SiteGroup.SiteAttributes' => array('WikiTitle',
'EnableNotify', 'NotifyDelay', 'NotifySubjectFmt',
'EnableWSPre', 'EnableUpload',
'ThumbThread',
'EnableGUIButtons', 'EnableIMSCaching', 'Skin',
'DefaultName', 'DefaultGroup', 'DefaultPage',
'EnableGroupSkins', 'PageLogoUrl', 'EditTemplatesFmt',
'TimeFmt', 'EnableDrafts', '', '', '', '', '', ''),
'$Group.GroupAttributes' => array('WikiTitle',
'EnableWSPre', 'EnableGUIButtons', 'Skin',
'EditTemplatesFmt', 'TimeFmt', 'EnableDrafts', '', ''),
);
foreach($SiteAttributesVars as $pn=>$arr)
{
# are GroupAttributes disabled?
if(! intval($EnableGroupAttributes)
&& strpos($pn, '$Group')!==false ) continue;
$AttributesPage = FmtPageName($pn, $pagename);
if(PageExists($AttributesPage) )
{
$p = ReadPage($AttributesPage);
foreach($arr as $var)
{ if($var=='') continue;
$value = ExtractValue($p['text'], $var);
if($value=='') continue;
$$var = $value ;
}
}
}
function ExtractValue($text, $var)
{
if(preg_match("/^:?$var\\s*[:=](.*)$/m", $text, $m) )
return trim($m[1]);
}
Administrators can define which variables can be safely changed in
Site.SiteAttributes and Group.GroupAttributes pages. There, these variables
are written like PageTextVariables:
WikiTitle: My cool wiki
Skin: grease
EnableWSPre: 4
The reason I use an ExtractValue function and not the built-in PageTextVar()
is that these variables should be readable even when the page is @locked.
Thanks,
Petko
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
