jefficus
I've got a site for which I want to be able to include some snazzy PHP into the pages, but currently it appears that the only way to enable this is to enable PHP snippets for everybody. Ick. I'm dealing with some pretty scary-ignorant users who should not ever be exposed to PHP code. What I really want is to allow all users to view PHP-enabled pages, but only have admin users able to edit those pages. And I want it to be automatic, without having to have to set page-specific ACL permissions every time I want to throw down some PHP on an obscure page.
Here's what I've worked out as a temporary solution.
1) Enable PHP for all users (in the Editing Settings section of the admin config panel)
2) Enabled usewordblock (in the spam section of the admin config panel)
3) Created conf/wordblock.local.conf and inserted a line that reads: < [ ]*php[ ]*>
(This prevents all users from saving a page with the <php> tag in it. (Or with any number of spaces between the brackets and the 'php' string itself.)
4) Inserted 2 lines at the top of the checkwordblock() function in inc/common.php:
$info = pageinfo();
if ($info['isadmin']) return false;
In short, all users are given php permission (1) then their permission is revoked (2 and 3) unless they are admin (4).
THIS IS SLOPPY AND INELEGANT. But I needed something quickly and this works.
The real question is: what do people suggest as the best way to solve this problem properly? I've reviewed all the plugins and couldn't find one that could be made to do what I want without even dirtier hacking. Did I miss one?
It seems to me that a config-panel flag to excuse admins from the spam-word filter would be a generally useful additional feature, but even then, that's would still be an ugly way to restrict the use of PHP snippets.
The most complete and general solution I can think of would be to implement an ACL-based regexp content filter, executed at save-time. But I'm only a white-belt when it comes to DokuWiki architectural design, so I'm posting this to see if anybody has any refinements or suggestions about how to do this the DokuWiki Way.
Jefficus