[pmwiki-users] action=autoedit

Knut Alboldt pmwiki at alboldt.de
Mon Jun 26 07:20:46 CDT 2006 

Patrick R. Michaud schrieb:

> 
> I haven't implemented anything like this, but I would warn
> about spiders, which like to come along and activate
> any links you happen to provide on the page.  :-)  
> 
> In short, if you don't pass the link through a form submittal or
> authorization of some sort, you may quickly find that all of 
> your "todo" links mysteriously got "done".  :-)
> 

Thanks for the warning. We'll use that in the intranet only for 
autorized users logged on within apache, so I hope the risk will be 
reduced that far.

> Yes.  I think something like the following would work:
> 
>    if ($action == 'autoedit') {
>       ##   switch to 'edit' action, and indicate that the text is to be updated
>       $action = 'edit';
>       $_POST['post'] = 1;
>       ##   change this pattern 
>       $ROSPatterns['/todo/'] = 'done';
>     }
>     
> The first line invokes the special ?action=autoedit function,
> which switches the action to 'edit', thus invoking HandleEdit() later,
> and sets $_POST['post'] to indicate that the page is to be saved
> (as if an author had hit the "Save" button).
> 
> Since $_POST['text'] isn't set, HandleEdit() will use the existing
> page text as the text to be saved.  However, the $ROSPatterns entry
> will be applied to the page before it's actually saved.
> 
> Again, a problem with this is that any spider that happens
> to invoke ?action=autoedit in a link (and has edit authorization 
> to the page) will cause the page to be updated.  Better might be
> to actually have the icon be a form button that sets the
> value.  The link (in HTML) would need to look something like:
> 
>     <form action='$PageUrl' method='POST'>
>       <input type='hidden' name='n' value='$FullName' />
>       <input type='hidden' name='action' value='edit' />
>       <input type='submit' name='postdone' value='Done' />
>     </form>
> 
> If something like that is in place for the link, then all that 
> is needed in local/config.php is something to add the 
> $ROSPattern in response to a 'postdone' submit:
> 
>     if (@$_POST['postdone']) { $ROSPatterns['/todo/'] = 'done'; }
> 
> (PmWiki's HandleEdit() function already knows that any control
> beginning with the letters 'post' are an indication that the
> page is to be saved.)
> 
> Pm

Thanks a lot. I'll try both. If it's running I can add a Cookbook-Entry 
(with your warning).

Knut

More information about the pmwiki-users mailing list