Notes

Custom conditional author

Note that some templates in my examples also use a custom conditional, which checks an author name against an author field value previously set. It is defined like this in config.php:

# add conditional markup: (:if author AUTHORNAME:)
$Conditions['author'] = "\$GLOBALS['Author']==\$condparm";

Hide Delete Links with Conditional Markup

Adding a delete link to the template like this

(:if author {$$author}:){[foxdelrange]}(:if:)

will display the link only if the author name entered, or previously entered and stored in the author cookie, matches a value for author set previously in an author field. This is not a foolproof method to prevent deletion of posts, since someone else can use the same author name! The only safe way is to use (:if auth admin:){[foxdelrange]}(:if:) if the $FoxAuth level is set to 'read', and to prevent viewing of the page source by adding to the local config:

$HandleAuth['source'] = 'edit';

which then requires edit permission to view the source.
Or set it to 'admin' if you can't trust editors.

More on Security Considerations

If you add any line or range delete buttons or links in a template, Fox will generate special linekeys, made up of a timestamp and a random number element, to provide unique identifiers for each range of lines, or each line carrying a line delete link or button. Clicking a delete button or link will send the unique linekey attached to it, and Fox will look for the line or range of lines and delete it. I have used conditional markup in my examples to hide all delete links not associated with the author name. And generally I have not been able to delete any posts if I could not see a delete link or button (and the opposite I find to be true: if a user sees delete links he/she can delete posts). But I am not sure how secure this is. It may be advisable to prevent action=source for users without edit permission, since the pmwiki source will carry all the linekeys. I am curious about other people's experiences regarding the delete action, so I can revise it as necessary.

In any case, all page modifications are recorded in the page history, and changes to a page appear in the RecentChanges pages.
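
The author check above compares against a name anyone can type in. As an added example (not part of the Fox recipe or the original page), this local/config.php fragment ties the check to the authenticated login name instead and restricts the actions that expose linekeys. It assumes PmWiki's AuthUser is in use with accounts already defined; the conditional name `authoris` is hypothetical, and treating page history as a second place where linekeys show up is an assumption.

```php
<?php if (!defined('PmWiki')) exit();
# Added example for local/config.php; not code from the Fox recipe.
# Assumes AuthUser accounts are already defined (e.g. in SiteAdmin.AuthUser).

# 1. Authenticate users, then make the author name equal the login name,
#    so it can no longer be typed in or taken from the author cookie.
include_once("$FarmD/scripts/authuser.php");
$Author = @$AuthId;   # must come after the include; empty when not logged in

# 2. Hypothetical conditional (:if authoris NAME:): true only for a
#    logged-in user whose login name equals NAME. The non-empty test stops
#    anonymous visitors from matching posts stored with an empty author.
$Conditions['authoris'] =
  "@\$GLOBALS['AuthId'] > '' && @\$GLOBALS['AuthId'] == \$condparm";

# Template usage (same shape as the author conditional on this page):
#   (:if authoris {$$author}:){[foxdelrange]}(:if:)

# 3. Keep linekeys away from plain readers: the raw source (setting taken
#    from this page) and the page history (assumption: diffs show the same
#    markup, linekeys included).
$HandleAuth['source'] = 'edit';
$HandleAuth['diff']   = 'edit';
```

This only controls who sees the delete link and the linekeys; as stated above, (:if auth admin:) remains the only safe way to restrict deletion itself.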

