Re: [pmwiki-users] New installation and can't create new page
The most obvious thing I can think of is to make sure your webserver user has write permission on your wiki.d directory. Make sure the permissions on that directory match the ones on the files you can edit. On Nov 13, 2014 6:14 PM, "Didier Bretin" wrote: > Hello, > > I installed a new version of PmWiki for the first time on my > free.fr account. I can edit page with the password I setup > but I can't create new page. I have no specific error message. > > Do I forget something ? > > Regards. > -- > Didier Bretin > > ___ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
[pmwiki-users] New installation and can't create new page
Hello, I installed a new version of PmWiki for the first time on my free.fr account. I can edit page with the password I setup but I can't create new page. I have no specific error message. Do I forget something ? Regards. -- Didier Bretin ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
On 13.11.2014 20:17, Randy Brown wrote: Maybe someday request=1 can be expanded for security to allow request="order,list,trail,PTV,if" or whatever specific parameters you want to be overridable via the URL. Or maybe someone will think of a better solution. I committed to Subversion a change that would allow to define which request keys will be used or not as parameters. One could write: (:pagelist request=order,group:) allow only order and group to be replaced (:pagelist request=-fmt,-count:) disallow only fmt and count to be replaced (:pagelist request=1:) allow any parameter to be replaced (like now) Note that up to 2.2.70, request=2, request=anything works like request=1 (undocumented); if we decide to release the feature above, only request=1 will enable substitution (like documented). This needs testing so please get the pagelist.php file, test the feature and report any problems. Petko ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] EnableDrafts and PmForm
On 12.11.2014 19:56, Petko Yotov wrote:
To be clear, only the posting and saving to a draft page can be
configured. Opening a PmForm on an existing page will display the data
from the real page, not from an existing draft page.
Well, I committed to Subversion a change that would allow to define more
than one source= pages in input default. One could write:
(:input default source={*$FullName}-Draft,{*$FullName}:)
Then the values will be taken from the first page which exists and for
which the user has read permissions.
This needs testing so please get the forms.php file, test the feature
and report any problems.
Petko
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
It just occurred to me that you can do the following without even using
request=1 (I'm using the Request recipe here):
(:pagelist (:if request order:)order={$?order}(:ifend:) (:if request
count:)count={$?count}(:ifend:) (:if request list:)list={$?list}(:ifend:) :)
If you need further restriction, the conditionals can be more specific.
Randy
On Nov 13, 2014, at 1:17 PM, Randy Brown wrote:
>
> Maybe someday request=1 can be expanded for security to allow
> request="order,list,trail,PTV,if" or whatever specific parameters you want to
> be overridable via the URL. Or maybe someone will think of a better solution.
>
> Randy
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
Excellent point about security. Parameters like "fmt#include" and
"$:MySecretPTV=?*" could be problems.
OTOH, request=1 can sometimes make it much easier to offer users options for
pagelists.
Note that setting pagelist parameters via the URL is a non-issue in cases of
wikis that allow guests to edit any page at all, including WikiSandbox - since
the guest can then write a malicious directive on the page directly.
Markup like the following could plug some anticipated security holes (requires
the httpvariables recipe):
(:pagelist (:if ( !equal "{$?fmt}" "#ThisFmtAllowed" ) and ( !equal "{$?fmt}"
"#AlsoAllowed" ) :)fmt=#default(:else:)request=1(:ifend:) :)
But that doesn't prevent something like "$:MySecretPTV=?*" from being submitted
via the URL, since you may not know in advance what PTVs are hidden on pages
that need to be protected.
Maybe someday request=1 can be expanded for security to allow
request="order,list,trail,PTV,if" or whatever specific parameters you want to
be overridable via the URL. Or maybe someone will think of a better solution.
Randy
>
> It is not specifically forbidden but I'm not sure if it is desirable to
> work. People may access to your pagelists in ways you didn't
> specifically allow. Can this be a security issue? I don't know.
>
> Does anyone rely on this feature working?
>
> Petko
>
___
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
On 13.11.2014 17:45, Randy Brown wrote: Is a pagelist fmt supposed to be overridable via request=1? I notice It is not specifically forbidden but I'm not sure if it is desirable to work. People may access to your pagelists in ways you didn't specifically allow. Can this be a security issue? I don't know. Does anyone rely on this feature working? Petko it doesn't always work. See http://www.pmwiki.org/wiki/Test/PagelistTemplateRequest If it's supposed to work, then I'd like to add a PITS entry to fix it. If it's not supported, or is only supported in certain cases, then I'd like to document the restrictions. Randy ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
Wouldn't it be somewhat risky to make this work? I could imagine some malicious uses (at least in write-protected wikis). --StefCT Am Donnerstag, 13. November 2014 schrieb Randy Brown : > Is a pagelist fmt supposed to be overridable via request=1? I notice it > doesn't always work. See > http://www.pmwiki.org/wiki/Test/PagelistTemplateRequest > > If it's supposed to work, then I'd like to add a PITS entry to fix it. If > it's not supported, or is only supported in certain cases, then I'd like to > document the restrictions. > > Randy > ___ > pmwiki-users mailing list > pmwiki-users@pmichaud.com > http://www.pmichaud.com/mailman/listinfo/pmwiki-users > ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
[pmwiki-users] Is a pagelist fmt supposed to be overridable via request=1?
Is a pagelist fmt supposed to be overridable via request=1? I notice it doesn't always work. See http://www.pmwiki.org/wiki/Test/PagelistTemplateRequest If it's supposed to work, then I'd like to add a PITS entry to fix it. If it's not supported, or is only supported in certain cases, then I'd like to document the restrictions. Randy ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
Re: [pmwiki-users] EnableDrafts and PmForm
On 11/12/2014 3:23 PM, michael paulukonis wrote: I look forward to the "distinct recipe to be written some day" as this would allow previews for BlogIt. I recall looking at implementing a Preview feature to BlogIt, and deciding it was going to be tough. At least on the surface, it would seem that a draft capability to PmForm would be a major step in being able to implement a preview feature. ~ ~ Dave ___ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users
