Tips for programming plugins

Please write down tips you've discovered making it easier for others to make plugins. I actually had to sit down and fgrep myself to this info, and I hope that it will help others

The config has to be stored in <your plugin dir>/conf/default.php.

If you need to access any config value for your plugin, use the function getConf(<config option>).
For example, if my plugin has an option to set namespace, I would get the value by calling $this->getConf('namespace');.

If you want your configuration to be accessible through the configuration manager page, you have to create a conf/metadata.php file with field descriptions and a corresponding lang/en/settings.php file holding the language strings for the configuration manager. Refer to configuration for more information.

You can access user-lists/info and more for internal use by declaring the following in a function that needs it:

    global $auth;
    $auth->retrieveUsers(0,0,$filter);

Where $filter is is an array with one or more of the following keys user, name, mail, or grps. Several values in each using '|' as a separator.
For example, to retrieve all users in the group 'admin', one would use:

    $filter['grps']="admin";
    $array_of_matches = retrieveUsers(0,0,$filter);

DokuWiki uses a number of global variables to hold information about the current page, current user and the actions being performed.
Details of these can be found on the environment page.

Be aware that the directoryname and the classname suffix is the same.
So if your plugin is stored in ../plugins/test your classnames should be following:

action.php
   class action_plugin_test extends DokuWiki_Action_Plugin {

syntax.php
   class syntax_plugin_test extends DokuWiki_Syntax_Plugin {

If both strings do not match, the plugin information will not be shown in the plugin manager.
Also, the plugin name should not contain an underscore!
If it does, you have to overwrite the getPluginName() method of your plugin.

If you use forms in your plugins, you should include a hidden form field with the session-based security token.
In the current version of DokuWiki you can generate this field by calling the function formSecurityToken().
Before you process the form input, call checkSecurityToken(). This function checks if the sent security token is correct.

If you wonder, why this will make your plugins more secure, consider the following scenario:

You have written a plugin that displays a form to delete several pages at once.
An attacker knows you regularly log in to your wiki and you use a site that is under his control.
He places an images tag on his page that links to your doku.php and has all the form parameters for deleting pages in the URL.
Each time you see the page form the attacker, your browser requests the image from your DokuWiki installation, thereby deleting pages.

This attack is called Cross Site Request forgery.

Other security tips are listed and explained on the dedicated page.

If you need to enhance DokuWiki's capabilities, you can consider JavaScript beside creating a new plugin.
Just put the JavaScript code into conf/userscript.js (create this file if it doesn't exists).

Examples: wordcounter or copy_section_link

If you want to add some JavaScript and CSS at the same time and make it easier to distribute, you can create a 'pseudo' plugin.
Create a new folder and add a script.js and/or a style.css file to it. Add this folder to lib/plugins/.

Examples: searchjump or ipa