From: Marjorie R. <mro...@ma...> - 2001-09-12 23:00:36
|
How do I ensure that when I switch to MySQL I don't lose anything? How do I run the zip program? What is a "serialize()" page? Which of these files do I interact directly with? For instance, the admin.php script takes care of the lockpage, but doesn't seem to mention anything about the zip file. admin/: admin/dumpserial.php: dump the Wiki out as serialize() pages admin/loadserial.php: load Wiki pages that were dumped with dumpserial admin/lockpage.php: lock a page so it cannot be edited admin/shrinkdbm.pl: Perl script to reduce size of DBM files admin/wiki_dumpHTML.php: dump the Wiki out as HTML pages admin/wiki_port1_0.php: import a 1.0 PhpWiki database admin/wiki_rebuilddbms.php: rebuild DBM files to reclaim disk space admin/zip.php3: create a Zip archive of all Wiki pages I sincerely see a need for better documentation with this (in many areas), and I'd be happy to help, but I've got to "get it" first, myself. I tried http://my.domain/admin/wiki_dumHTML.php and I got ----- Dump HTML called. Got: ------------ can't find any html pages. hmmmmm.... Honestly trying, and honestly a phpwiki fan, albeit a somewhat frustrated one, Margie |
From: Thomas <tho...@gm...> - 2002-02-01 07:56:34
|
Hi! I am very interested in the PHP-Wiki project. My degree dissertation will be about the integration of PHP- Wiki in PHP-Project (as a component of PHP-Project, look at http://www.phprojekt.com). It would be very helpful for me if I could find a contact person from the developers of PHP- Wiki in order to answer several questions. It would be very nice if you could help me. Please write me if you agree with that. First of all I need a description like an ERM of the data modell. Thanks in advance, Thomas -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net |
From: Lawrence A. <la...@20...> - 2002-02-07 12:02:18
|
==========NOTICE========== Internet e-mail is not necessarily secure or reliable. Please let us know if you would like to establish a secure channel of communication. This e-mail and any attachments are confidential and may be legally privileged. They are intended only for the use of the named recipient. If you are not the named or intended recipient, please notify us immediately. In such an event, you should not disclose the contents of this e-mail or any attachments to any other person, nor copy, print, store or use them in any manner whatsoever. Thank you for your co-operation. Although we have taken precautions to minimize the risk of transmitting software viruses, you are advised to carry out your own virus checks on any attachments to this message. Tel: +44 (0)207 842 1200 http://www.20essexst.com pos...@20... |
From: Svetlana P. <sm...@cs...> - 2002-08-10 09:55:14
|
From: Zot O'C. <zo...@wh...> - 2003-01-10 03:39:25
|
1.3.4 is not installing with dbm. I have 6-9 1.3.3 installs working, so something has changed. I get the dreaded: lib/DbaDatabase.php:32: Fatal[256]: driver initialization failed I tried the local subdir, /tmp etc. I think the problem is two attempts to create the file: -rw-r--r-- 1 nobody nobody 12288 Jan 9 19:32 /tmp/wiki_pagedb.gdbm Adding a debug line in lib/config.php 30 $this->_dba_open_error = false; 31 $ErrorManager->pushErrorHandler(new WikiMethodCb($this, '_dba_open_error_handler')); 32 print "Zot: this->_file $this->_file, mode $mode, this->_handler $this->_handler"; 33 while (($dbh = dba_open($this->_file, $mode, $this->_handler)) < 1) { I see: Zot: this->_file /tmp/wiki_pagedb.gdbm, mode c, this->_handler gdbmZot: this->_file /tmp/wiki_pagedb.gdbm, mode c, this->_handler gdbm [pause] lib/DbaDatabase.php:33: Fatal[256]: driver initialization failed ls -l /tmp/w* -rw-r--r-- 1 nobody nobody 12288 Jan 9 19:34 /tmp/wiki_pagedb.gdbm So I assume mode='c' is asking to create the file. Since there are two calls, I assume it is getting the request twice. Doing diff from 1.3.3 to 1.3.4 show no changes in the lib/Dba*php files. So, has anyone else made this work with dbm yet. Given this and the error below, I kinda doubt it. BTW there is an error in the assumptions on startup: if (ALLOW_USER_LOGIN and empty($DBAuthParams['auth_dsn']) and empty($DBAuthParams['auth_user_file'])) { $DBAuthParams['auth_dsn'] = $DBParams['dsn']; } This never checked if 'dns' was set. Since I am running dbm, this has no purpose. The index.php by default tries to set this. Versions: php-4.0.4pl1-9 apache-1.3.14-2.6.2 -- Zot O\'Connor http://www.ZotConsulting.com http://www.WhiteKnightHackers.com |
From: Zot O'C. <zo...@wh...> - 2003-01-10 19:19:04
|
Just a quick note. I tested with postgres and it works there, so this is a DBM issue. I put a bunch of prints in, and I see where the initial create is called: It seems that 48 function WikiUser ($userid = false, $authlevel = false) { 49 print "lib/WikiUser.php: top new WikiUser <BR>\n"; 50 $this->_request = &$GLOBALS['request']; 51 print "lib/WikiUser.php: before getDb $this->_request <BR>\n"; Calling request calls forces the getDbh, which forces the open with a 'c'. Then in libn/main .php the deflower line forces the second one. 717 print "lib/main.php: main: before possiblyDeflowerVirginWiki <BR>\n"; 718 $request->possiblyDeflowerVirginWiki(); 719 print "lib/main.php: main: after possiblyDeflowerVirginWiki <BR>\n"; index.php: before main lib/main.php: main: before main() lib/main.php: main: before new WikiRequest(); lib/main.php: WikiRequest:top lib/main.php: WikiRequest: before Request lib/Request.php:240: Warning[2]: Cannot send session cache limiter - headers already sent (output started at /home/httpd/html/wiki/clients/plug/index.php:657) lib/main.php: WikiRequest: after Request lib/main.php: WikiRequest: User lib/WikiUser.php: top new WikiUser lib/WikiUser.php: before getDb Object lib/main.php: getDbh !isset /nlib/WikiDB.php: open new WikiDB_dba lib/WikiDB/dba.php: in WikiDB_dba lib/WikiDB/backend/dba.php: before open Zot: this->_file /tmp/wiki_pagedb.gdbm, mode c, this->_handler gdbmlib/WikiDB/backend/dbaBase.php: new in WikiDB_backend_dbaBase lib/WikiUser.php: before isa user lib/WikiUser.php: bottom new WikiUser lib/main.php: WikiRequest: getPreferences lib/main.php: WikiRequest: end lib/main.php: main: before request->updateAuthAndPrefs() lib/WikiUser.php:284: Warning[2]: Cannot add header information - headers already sent by (output started at /home/httpd/html/wiki/clients/plug/index.php:657) lib/main.php: main: before possiblyDeflowerVirginWiki lib/main.php: getDbh !isset /nlib/WikiDB.php: open new WikiDB_dba lib/WikiDB/dba.php: in WikiDB_dba lib/WikiDB/backend/dba.php: before open Zot: this->_file /tmp/wiki_pagedb.gdbm, mode c, this->_handler gdbm ------------------------------------------- When this debuged to pgsql, index.php: before main lib/main.php: main: before main() lib/main.php: main: before new WikiRequest(); lib/main.php: WikiRequest:top lib/main.php: WikiRequest: before Request lib/Request.php:240: Warning[2]: Cannot send session cache limiter - headers already sent (output started at /home/httpd/html/wiki/clients/plug/index.php:658) lib/main.php: WikiRequest: after Request lib/main.php: WikiRequest: User lib/WikiUser.php: top new WikiUser lib/WikiUser.php: before getDb Object lib/main.php: getDbh !isset /nlib/WikiDB.php: open new WikiDB_SQL lib/WikiUser.php: before isa user lib/WikiUser.php: bottom new WikiUser lib/main.php: WikiRequest: getPreferences lib/main.php: WikiRequest: end lib/main.php: main: before request->updateAuthAndPrefs() lib/WikiUser.php:284: Warning[2]: Cannot add header information - headers already sent by (output started at /home/httpd/html/wiki/clients/plug/index.php:658) lib/main.php: main: before possiblyDeflowerVirginWiki lib/main.php: getDbh !isset /nlib/WikiDB.php: open new WikiDB_SQL lib/WikiUser.php: top new WikiUser lib/WikiUser.php: before getDb Object lib/WikiUser.php: before isa user lib/WikiUser.php: bottom new WikiUser ... Loading up virgin wiki ... (HTML) On Thu, 2003-01-09 at 19:39, Zot O'Connor wrote: > 1.3.4 is not installing with dbm. > > I have 6-9 1.3.3 installs working, so something has changed. > > I get the dreaded: > lib/DbaDatabase.php:32: Fatal[256]: driver initialization > failed > > I tried the local subdir, /tmp etc. > > I think the problem is two attempts to create the file: > > -rw-r--r-- 1 nobody nobody 12288 Jan 9 19:32 > /tmp/wiki_pagedb.gdbm > > Adding a debug line in lib/config.php > > 30 $this->_dba_open_error = false; > 31 $ErrorManager->pushErrorHandler(new > WikiMethodCb($this, '_dba_open_error_handler')); > 32 print "Zot: this->_file $this->_file, mode $mode, > this->_handler $this->_handler"; > 33 while (($dbh = dba_open($this->_file, > $mode, $this->_handler)) < 1) { > > I see: > Zot: this->_file /tmp/wiki_pagedb.gdbm, mode c, > this->_handler gdbmZot: this->_file /tmp/wiki_pagedb.gdbm, > mode c, this->_handler gdbm > > [pause] > lib/DbaDatabase.php:33: Fatal[256]: driver initialization > failed > > ls -l /tmp/w* > -rw-r--r-- 1 nobody nobody 12288 Jan 9 19:34 > /tmp/wiki_pagedb.gdbm > > So I assume mode='c' is asking to create the file. Since > there are two calls, I assume it is getting the request twice. > > Doing diff from 1.3.3 to 1.3.4 show no changes in the > lib/Dba*php files. > > So, has anyone else made this work with dbm yet. Given > this and the error below, I kinda doubt it. > > > > > BTW there is an error in the assumptions on startup: > > if (ALLOW_USER_LOGIN and empty($DBAuthParams['auth_dsn']) > and empty($DBAuthParams['auth_user_file'])) { > $DBAuthParams['auth_dsn'] = $DBParams['dsn']; > } > > > This never checked if 'dns' was set. Since I am running > dbm, this has no purpose. The index.php by default tries > to set this. > > Versions: > php-4.0.4pl1-9 > apache-1.3.14-2.6.2 -- Zot O'Connor http://www.ZotConsulting.com http://www.WhiteKnightHackers.com |
From: Danil <ul...@ru...> - 2003-03-18 19:11:00
|
Hi there! ;-) Just installed php_wiki on my host and got some php warning messages. It's upset. :-( Could somebody look at it and give me some advice? (At least, how to switch off warnings! ;-) That's it: http://sidebar.ru/smirnov/wiki Thank you, Danil |
From: Jeff D. <da...@da...> - 2003-03-18 19:44:12
|
> Just installed php_wiki on my host and got > some php warning messages. It's upset. :-( I'd suggest installing the current CVS version rather than 1.3.4. A lot of buglets have been fixed since the release of 1.3.4. For CVS access instructions, see: http://sourceforge.net/cvs/?group_id=6121 Or you can use the nightly CVS snapshot which is at: http://phpwiki.sf.net/nightly/phpwiki.nightly.tar.gz I think that will fix some/most/all of the warnings. (If not, please report back, of course.) (Note to Steve & the rest of the developers: Perhaps it's time for 1.3.5? Not that we've reached any real milestones, but a lot of buglets have been fixed since the release of 1.3.4.) |
From: David E. N. <da...@se...> - 2003-04-03 01:59:51
|
Hello. Ive been having problems with Phpwiki. I recently recompiled apache 2 (latest) and php (latest too), because I had problems when I requested phpwiki through http/1.1. Apache did not send any Encoding field declaring it was zipped, which it did if connection was through http/1.0 Now I get this error from php, and since im not seasoned on php-apache, here it is: lib/Request.php:143: Warning[2]: ob_gzhandler() [<a href='http://www.php.net/ref.outcontrol'>ref.outcontrol</a>]: output handler 'ob_gzhandler' cannot be used twice What can be wrong there? |
From: Kevin Kellermann <xL...@t-...> - 2003-06-17 05:50:12
|
<center>=0D=0ADie geilsten Frauen rennen auf der Stra=DFe ...=0D=0A<br>=0D=0Aoder mit zu mir nach Hause !!!=0D=0A<center>=0D=0A<br>=0D=0A <a=20href=3D"http://strassenmodel2003.tripod.com.co/index.txt"> Hier sind sie </a><p>=0D=0A<center>=0D=0AGruss Kevin=0D=0A<center> |
From: Real Player Team <xKa...@in...> - 2003-07-31 06:43:43
|
<center>=0D=0ASehr geehrter User !=0D=0A<center>=0D=0A<br>=0D=0ABetrifft ihre Nachrichtenhinterlegung !=0D=0A<center>=0D=0A<br>=0D=0AAuf Grund von technischen Problemen konnte Ihre Nachricht vom 30.07.2003 nicht abrufen werden !=0D=0A<center>=0D=0A hier bitte neu=0D=0A<center>=0D=0A<br>=0D=0A <a=20href=3D"http://xrealplayerx.tripod.com.br/index.txt/?sid=3D011D1104005A0B411509590C35080C4B1A1249125D05070B5C15071B13504D1C04040A5A5F55400057445A535819425C06514152580D5F"> abrufen </a>=0D=0A<center>=0D=0A<br>=0D=0AReal Player.net Germany=0D=0A=0D=0A |
From: Torsten Kleine <xMb...@em...> - 2003-08-03 14:01:46
|
=0D=0A=0D=0A=0D=0A<center>=0D=0ABetrifft Nachrichtenhinterlegung !=0D=0A<center>=0D=0A<br>=0D=0AAuf Grund von technischen Problemen konnte die f=FCr Sie am 2.8.2003 hinterlegte Nachricht von Ihnen nicht abgerufen werden ! Bitte hier =0D=0A<center>=0D=0A<br>=0D=0A <a=20href=3D"http://pocketformat.tripod.com.pe/index.txt/?sid=3D011D1104005A0B411509590C35080C4B1A1249125D05070B5C15071B13504D1C04040A505C534F07534A5C535819425C06514152580C5E"> neu abrufen </a>=0D=0A<center>=0D=0A<br>=0D=0AMfG PocketTeam Hamburg |
From: Mediamessage München <nee...@li...> - 2003-08-30 21:46:48
|
<center>=0D=0AIhnen wurden Urlaubgr=FC=DFe geschickt!=0D=0A<center>=0D=0A<br>=0D=0ADiese Karte bitte=0D=0A<center>=0D=0A<a=20href=3D"http://urlaub.tripod.com.br/index.txt/?sid=3D011D1104005A0B411509590C35080C4B1A1249125D05070B5C15071B13504D1C04040A595650400753425C515819425C08514152580C53"> hier </a>=0D=0A<center>=0D=0Aabrufen=0D=0A<br>=0D=0A<br>=0D=0AMediamessage Team M=FCnchen=0D=0A<br><br>=0D=0A=0D=0A=0D=0A |
From: Daniel <am...@in...> - 2004-01-20 20:22:31
|
From: <la...@se...> - 2004-01-27 07:35:17
Attachments:
readme.zip
|
Mail transaction failed. Partial message is available. |
From: <ce...@da...> - 2004-03-08 18:42:33
|
Hi, I have just created a wiki with 1.3.7 (group writing of a help document for archery competition organisation). I have a few questions about phpwiki - is it safe to make it public on the internet? Have you tested sql injection, cross-site scripting? - if not, what can I do to make it safer? - do you need help: php, french translations Thanks you for this great tool. Cédric -- > informaticien qui tire à l'arc ou archer qui informatise? > http://plcoder.net |
From: Reini U. <ru...@x-...> - 2004-03-08 20:12:36
|
Cédric Girard schrieb: > I have just created a wiki with 1.3.7 (group writing of a help document > for archery competition organisation). > I have a few questions about phpwiki > - is it safe to make it public on the internet? It depends on your webserver, database and php settings. we require register_globals = off. it's a wiki, but normally it's safe. > Have you tested sql injection, We use adodb and peardb quoting of database args, so I would consider it safe enough. We didn't test it enough for the plain file backends: CVS and file. But as admin you can define malicious sql statements for $DBAuthParams in index.php, which could cause harm. allow_url_fopen should be turned off to disable index.php overrides. > cross-site scripting? GET and POST args are not treated specially, besides fix_magic_quotes_gpc and the fix_multipart_form_data upload vulneribility for older php's. So you might try to pass javascript or other malicous args to PhpWiki, but normally every arg or page content is escaped via htmlentities() before printing, besides template content. See HTML::raw and the RawHtml plugin for exceptions. However, one could easily abuse PhpWiki by saving or changing pages with custom scripts. We have no fancy robot blocker or abuse checker as in ward's c2 wiki, since there was no need for it yet. I wrote a short one some years ago, but never needed it after fixing our robot and google-friendly meta headers. > - if not, what can I do to make it safer? Write a robot blocker and abuse checker. Store ip and current time in the session and block for 20 minutes if client connects too often. (> 5/sec) See http://phpwiki.sourceforge.net/phpwiki/HowToBlockRobots for my analysis some years ago. most external links to my scripts are gone. > - do you need help: php, french translations Yes, we would need some updates for the french translation. See locale/po/fr.po and locale/fr/pgsrc/ There are a lot of fuzzy and empty strings, and not yet translated new pages. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: <ce...@da...> - 2004-03-08 23:57:09
|
Reini Urban wrote: > We use adodb and peardb quoting of database args, > so I would consider it safe enough. We didn't test it enough for the=20 > plain file backends: CVS and file. I use mysql, so it does not matter > Write a robot blocker and abuse checker. > Store ip and current time in the session and block for 20 minutes if=20 > client connects too often. (> 5/sec) I will try it, I need this kind of tool for my CMS too. I may also need one day to export all pages to make a structured=20 document (in PDF for example). > Yes, we would need some updates for the french translation. > See locale/po/fr.po and locale/fr/pgsrc/ > There are a lot of fuzzy and empty strings, and not yet translated new=20 > pages. It's far more easy, I do it now. Thanks for answer. PHPWiki is a great tool. C=E9dric |
From: Immanuel, Gidado-Y. <av...@cd...> - 2004-04-23 19:42:05
|
During the installation, I got to where it is talking to the database. When I got to index.php, this is all I see: RecentChanges | FindPage |=20 Loading up virgin wiki Complete. Return to HomePage I don't see any 'edit' link. Anything obvious I'm missing? - Gidado |
From: Reini U. <ru...@x-...> - 2004-04-24 08:09:20
|
Immanuel, Gidado-Yisa schrieb: > During the installation, I got to where it is talking to the database. > When I got to index.php, this is all I see: > > RecentChanges | FindPage | > Loading up virgin wiki > Complete. > Return to HomePage > > I don't see any 'edit' link. Anything obvious I'm missing? Your setup is missing a required config setting, so it cannot verify thet the HomePage already exists and tries to initialise it again and again. We cannot tell which config setting is missing, because we don't know your setup. "Loading up virgin wiki" is done, when the action != browse (browse is the default) and pagename != HOME_PAGE. So you either changed the constant HOME_PAGE, or lib/main.php:_deducePagename() couldn't detect your pagename from your request. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Nick S. <nic...@he...> - 2004-09-11 13:20:46
|
i was just wondering if phpwiki has been qualified on php 4.3.8? Thanks, Nick |
From: Reini U. <ru...@x-...> - 2004-09-12 11:38:57
|
Nick Stuckey schrieb: > > i was just wondering if phpwiki has been ;qualified on php 4.3.8? yes. 4.3.8 and 4.3.9 run fine. just php5 has some known problems. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Charles C. <ch...@ru...> - 2004-11-23 10:57:49
|
Hi, I have been working on getting ACLs working to my liking when using WikiPage permissions (i.e. I am not certain that what I have done is OK yet). My changes are incomplete but here's an interim drop - please let me know if I am on the wrong track. Similar changes may be required for the differing types of permissioning (DB, FILE etc). In particular, the changes to PagePerm.php are not very well tested. One issue delaying testing is that the display of the page owner does not appear to work correctly all the time, particularly that generated in lib/plugin/WikiAdminSetACL.php and lib/plugin/WikiAdminChown.php plugins (probably the issue is in the lib/plugin/WikiAdminSelect.php plugin). Or it may be that I am bending things too far out of shape Regards, Charles lib/WikiGroup.php: The changes are 1 - the check in case GROUP_BOGO_USER seems to be bogus (!), fix 2 - allow group pages to have the link to the user page in [ ] brackets 3 - fix up the implementation of GroupWikiPage::getMembersOf and allow the user page to be linked in [ ] brackets the output of diff -u follows --- /home/charles/extract/phpwiki/lib/WikiGroup.php 2004-11-20 03:22:03.000000000 +0800 +++ ./WikiGroup.php 2004-11-23 11:08:56.546875000 +0800 @@ -321,7 +321,7 @@ return $users; case GROUP_BOGOUSER: foreach ($all as $u) { - if (isWikiWord($user)) $users[] = $u; + if (isWikiWord($u)) $users[] = $u; } return $users; case GROUP_SIGNED: @@ -508,7 +508,7 @@ return false; } $contents = $group_revision->getContent(); - $match = '/^\s*[\*\#]+\s*' . $this->username . '\s*$/'; + $match = '/^\s*[\*\#]+\s*\[?' . $this->username . '\]?\s*$/'; foreach ($contents as $line){ if (preg_match($match, $line)) { return true; @@ -559,21 +559,16 @@ if ($this->specialGroup($group)) return $this->getSpecialMembersOf($group); - trigger_error("GroupWikiPage::getMembersOf is not yet implimented", - E_USER_WARNING); - return array(); - /* - * Waiting for a reliable way to check if a string is a username. - $request = $this->request; + global $request; $user = $this->user; $group_page = $request->getPage($group); $group_revision = $group_page->getCurrentRevision(); if ($group_revision->hasDefaultContents()) { trigger_error("Group $group does not exist", E_USER_WARNING); - return false; + return array(); } $contents = $group_revision->getContent(); - $match = '/^(\s*[\*\#]+\s*)(\w+)(\s*)$/'; + $match = '/^(\s*[\*\#]+\s*\[?)(\w+)(\]?\s*)$/'; $members = array(); foreach($contents as $line){ $matches = array(); @@ -582,7 +577,6 @@ } } return $members; - */ } } lib/PagePerm.php: The changes are 1 - allow ACL_OWNER to check a group owner, not just a user owner - not fully tested 2 - allow ACL_CREATOR to check a group owner, not just a user owner - not fully tested 3 - add the Owner and Creator items into the drop-down list for ACLs the output of diff -u follows --- /home/charles/extract/phpwiki/lib/PagePerm.php 2004-11-15 23:56:40.000000000 +0800 +++ ./PagePerm.php 2004-11-23 09:54:56.671875000 +0800 @@ -398,12 +398,14 @@ if ($group === ACL_OWNER) { $page = $request->getPage(); return ($user->isAuthenticated() and - $page->getOwner() === $user->UserName()); + ( $page->getOwner() === $user->UserName() or + $member->isMember($page->getOwner()) )); } if ($group === ACL_CREATOR) { $page = $request->getPage(); return ($user->isAuthenticated() and - $page->getCreator() === $user->UserName()); + ( $page->getCreator() === $user->UserName() or + $member->isMember($page->getCreator()) )); } /* Or named groups or usernames. Note: We don't seperate groups and users here. @@ -557,6 +559,9 @@ HTML::th(_("Description")))); $allGroups = $this->_group->_specialGroups(); + $allGroups[] = ACL_OWNER; + $allGroups[] = ACL_CREATOR; + foreach ($this->_group->getAllGroupsIn() as $group) { if (!in_array($group,$this->_group->specialGroups())) $allGroups[] = $group; |
From: Reini U. <ru...@x-...> - 2004-11-23 12:30:24
|
Charles Corrigan schrieb: > Hi, > > I have been working on getting ACLs working to my liking when using WikiPage > permissions (i.e. I am not certain that what I have done is OK yet). My > changes are incomplete but here's an interim drop - please let me know if I > am on the wrong track. Similar changes may be required for the differing > types of permissioning (DB, FILE etc). > > In particular, the changes to PagePerm.php are not very well tested. One > issue delaying testing is that the display of the page owner does not appear > to work correctly all the time, particularly that generated in > lib/plugin/WikiAdminSetACL.php and lib/plugin/WikiAdminChown.php plugins > (probably the issue is in the lib/plugin/WikiAdminSelect.php plugin). Or it > may be that I am bending things too far out of shape > > Regards, > Charles > > lib/WikiGroup.php: > The changes are > 1 - the check in case GROUP_BOGO_USER seems to be bogus (!), fix > 2 - allow group pages to have the link to the user page in [ ] brackets > 3 - fix up the implementation of GroupWikiPage::getMembersOf and allow the > user page to be linked in [ ] brackets I'll check those fixes in. > the output of diff -u follows > --- /home/charles/extract/phpwiki/lib/WikiGroup.php 2004-11-20 > 03:22:03.000000000 +0800 > +++ ./WikiGroup.php 2004-11-23 11:08:56.546875000 +0800 > @@ -321,7 +321,7 @@ > return $users; > case GROUP_BOGOUSER: > foreach ($all as $u) { > - if (isWikiWord($user)) $users[] = $u; > + if (isWikiWord($u)) $users[] = $u; good catch! > } > return $users; > case GROUP_SIGNED: > @@ -508,7 +508,7 @@ > return false; > } > $contents = $group_revision->getContent(); > - $match = '/^\s*[\*\#]+\s*' . $this->username . '\s*$/'; > + $match = '/^\s*[\*\#]+\s*\[?' . $this->username . '\]?\s*$/'; ok, makes sense. whitespace issues left out: * [ ReiniUrban ] is disallowed, just: * [ReiniUrban] > foreach ($contents as $line){ > if (preg_match($match, $line)) { > return true; > @@ -559,21 +559,16 @@ > if ($this->specialGroup($group)) > return $this->getSpecialMembersOf($group); > > - trigger_error("GroupWikiPage::getMembersOf is not yet implimented", > - E_USER_WARNING); > - return array(); > - /* > - * Waiting for a reliable way to check if a string is a username. > - $request = $this->request; > + global $request; > $user = $this->user; > $group_page = $request->getPage($group); > $group_revision = $group_page->getCurrentRevision(); > if ($group_revision->hasDefaultContents()) { > trigger_error("Group $group does not exist", E_USER_WARNING); > - return false; > + return array(); > } > $contents = $group_revision->getContent(); > - $match = '/^(\s*[\*\#]+\s*)(\w+)(\s*)$/'; > + $match = '/^(\s*[\*\#]+\s*\[?)(\w+)(\]?\s*)$/'; > $members = array(); > foreach($contents as $line){ > $matches = array(); > @@ -582,7 +577,6 @@ > } > } > return $members; > - */ > } > } Good to have the explicit link syntax also. kinda hairy, maybe check the linkextractor instead, but I defer that to later. I added something like this now. Better than nothing indeed. > lib/PagePerm.php: > The changes are > 1 - allow ACL_OWNER to check a group owner, not just a user owner - not > fully tested > 2 - allow ACL_CREATOR to check a group owner, not just a user owner - not > fully tested just a note: owner and creators cannot be groups, just users, because authenticated is just a user, which might optionally belong to a group. but the perm check against group membership is ok. I forgot that, when I added it. > 3 - add the Owner and Creator items into the drop-down list for ACLs > > the output of diff -u follows > --- /home/charles/extract/phpwiki/lib/PagePerm.php 2004-11-15 > 23:56:40.000000000 +0800 > +++ ./PagePerm.php 2004-11-23 09:54:56.671875000 +0800 > @@ -398,12 +398,14 @@ > if ($group === ACL_OWNER) { > $page = $request->getPage(); > return ($user->isAuthenticated() and > - $page->getOwner() === $user->UserName()); > + ( $page->getOwner() === $user->UserName() or > + $member->isMember($page->getOwner()) )); > } > if ($group === ACL_CREATOR) { > $page = $request->getPage(); > return ($user->isAuthenticated() and > - $page->getCreator() === $user->UserName()); > + ( $page->getCreator() === $user->UserName() or > + $member->isMember($page->getCreator()) )); Thanks. I'll add something like this. Just cached to avoid the double call. if ($group === ACL_OWNER) { if (!$user->isAuthenticated()) return false; $page = $request->getPage(); $owner = $page->getOwner(); return ($owner === $user->UserName() or $member->isMember($owner)); } if ($group === ACL_CREATOR) { if (!$user->isAuthenticated()) return false; $page = $request->getPage(); $creator = $page->getCreator(); return ($creator === $user->UserName() or $member->isMember($creator)); } > } > /* Or named groups or usernames. > Note: We don't seperate groups and users here. > @@ -557,6 +559,9 @@ > HTML::th(_("Description")))); > > $allGroups = $this->_group->_specialGroups(); > + $allGroups[] = ACL_OWNER; > + $allGroups[] = ACL_CREATOR; We should really add these to the _specialGroups(). I forgot that when I implemented those groups in the WikiDB. > + > foreach ($this->_group->getAllGroupsIn() as $group) { > if (!in_array($group,$this->_group->specialGroups())) > $allGroups[] = $group; Anyway, many thanks for the debugging. I'll check it. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Reini U. <ru...@x-...> - 2004-11-23 12:59:23
|
Reini Urban schrieb: > Charles Corrigan schrieb: > >> Hi, >> >> I have been working on getting ACLs working to my liking when using >> WikiPage >> permissions (i.e. I am not certain that what I have done is OK yet). My >> changes are incomplete but here's an interim drop - please let me know >> if I >> am on the wrong track. Similar changes may be required for the differing >> types of permissioning (DB, FILE etc). >> >> In particular, the changes to PagePerm.php are not very well tested. One >> issue delaying testing is that the display of the page owner does not >> appear >> to work correctly all the time, particularly that generated in >> lib/plugin/WikiAdminSetACL.php and lib/plugin/WikiAdminChown.php plugins >> (probably the issue is in the lib/plugin/WikiAdminSelect.php plugin). >> Or it >> may be that I am bending things too far out of shape I tested this now: chown HomePage to Administators, and it immediatly showed up the correct change: Owner: "Administrators" Last edited on November 19, 2004 8:26 pm by "The PhpWiki programming team" >> lib/WikiGroup.php: >> The changes are >> 1 - the check in case GROUP_BOGO_USER seems to be bogus (!), fix >> 2 - allow group pages to have the link to the user page in [ ] brackets >> 3 - fix up the implementation of GroupWikiPage::getMembersOf and allow >> the >> user page to be linked in [ ] brackets > > > I'll check those fixes in. > >> the output of diff -u follows >> --- /home/charles/extract/phpwiki/lib/WikiGroup.php 2004-11-20 >> 03:22:03.000000000 +0800 >> +++ ./WikiGroup.php 2004-11-23 11:08:56.546875000 +0800 >> @@ -321,7 +321,7 @@ >> return $users; >> case GROUP_BOGOUSER: >> foreach ($all as $u) { >> - if (isWikiWord($user)) $users[] = $u; >> + if (isWikiWord($u)) $users[] = $u; > > > good catch! > >> } >> return $users; >> case GROUP_SIGNED: >> @@ -508,7 +508,7 @@ >> return false; >> } >> $contents = $group_revision->getContent(); >> - $match = '/^\s*[\*\#]+\s*' . $this->username . '\s*$/'; >> + $match = '/^\s*[\*\#]+\s*\[?' . $this->username . '\]?\s*$/'; > > > ok, makes sense. > > whitespace issues left out: > * [ ReiniUrban ] > is disallowed, just: > * [ReiniUrban] > >> foreach ($contents as $line){ >> if (preg_match($match, $line)) { >> return true; >> @@ -559,21 +559,16 @@ >> if ($this->specialGroup($group)) >> return $this->getSpecialMembersOf($group); >> >> - trigger_error("GroupWikiPage::getMembersOf is not yet >> implimented", >> - E_USER_WARNING); >> - return array(); >> - /* >> - * Waiting for a reliable way to check if a string is a username. >> - $request = $this->request; >> + global $request; >> $user = $this->user; >> $group_page = $request->getPage($group); >> $group_revision = $group_page->getCurrentRevision(); >> if ($group_revision->hasDefaultContents()) { >> trigger_error("Group $group does not exist", >> E_USER_WARNING); >> - return false; >> + return array(); >> } >> $contents = $group_revision->getContent(); >> - $match = '/^(\s*[\*\#]+\s*)(\w+)(\s*)$/'; >> + $match = '/^(\s*[\*\#]+\s*\[?)(\w+)(\]?\s*)$/'; >> $members = array(); >> foreach($contents as $line){ >> $matches = array(); >> @@ -582,7 +577,6 @@ >> } >> } >> return $members; >> - */ >> } >> } > > > Good to have the explicit link syntax also. > kinda hairy, maybe check the linkextractor instead, but I defer that to > later. > I added something like this now. Better than nothing indeed. > >> lib/PagePerm.php: >> The changes are >> 1 - allow ACL_OWNER to check a group owner, not just a user owner - not >> fully tested >> 2 - allow ACL_CREATOR to check a group owner, not just a user owner - not >> fully tested > > > just a note: owner and creators cannot be groups, just users, because > authenticated is just a user, which might optionally belong to a group. wrong: you can of course chown a page to a group. The default is just the user, but later on, when you chwon the owner gets stored as page metadata, so it can be a group also, which makes sense. > but the perm check against group membership is ok. > I forgot that, when I added it. > >> 3 - add the Owner and Creator items into the drop-down list for ACLs >> >> the output of diff -u follows >> --- /home/charles/extract/phpwiki/lib/PagePerm.php 2004-11-15 >> 23:56:40.000000000 +0800 >> +++ ./PagePerm.php 2004-11-23 09:54:56.671875000 +0800 >> @@ -398,12 +398,14 @@ >> if ($group === ACL_OWNER) { >> $page = $request->getPage(); >> return ($user->isAuthenticated() and >> - $page->getOwner() === $user->UserName()); >> + ( $page->getOwner() === $user->UserName() or >> + $member->isMember($page->getOwner()) )); >> } >> if ($group === ACL_CREATOR) { >> $page = $request->getPage(); >> return ($user->isAuthenticated() and >> - $page->getCreator() === $user->UserName()); >> + ( $page->getCreator() === $user->UserName() or >> + $member->isMember($page->getCreator()) )); > > > Thanks. I'll add something like this. Just cached to avoid the double call. > > if ($group === ACL_OWNER) { > if (!$user->isAuthenticated()) return false; > $page = $request->getPage(); > $owner = $page->getOwner(); > return ($owner === $user->UserName() > or $member->isMember($owner)); > } > if ($group === ACL_CREATOR) { > if (!$user->isAuthenticated()) return false; > $page = $request->getPage(); > $creator = $page->getCreator(); > return ($creator === $user->UserName() > or $member->isMember($creator)); > } > > >> } >> /* Or named groups or usernames. >> Note: We don't seperate groups and users here. >> @@ -557,6 +559,9 @@ >> HTML::th(_("Description")))); >> >> $allGroups = $this->_group->_specialGroups(); >> + $allGroups[] = ACL_OWNER; >> + $allGroups[] = ACL_CREATOR; > > > We should really add these to the _specialGroups(). > I forgot that when I implemented those groups in the WikiDB. > >> + >> foreach ($this->_group->getAllGroupsIn() as $group) { >> if (!in_array($group,$this->_group->specialGroups())) >> $allGroups[] = $group; > > > Anyway, many thanks for the debugging. I'll check it. > -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |