Table of Contents
Admin Plugins are plugins that provide DokuWiki with extra functions accessible via the admin window. It is not necessary to create an admin component to enable plugin configuration, it is already included, see configuration.
How to Write an Admin Plugin
An Admin Plugin Example needs:
- class name
- to be stored in a file
Class needs to implement the following methods (Must override):
(Override only if needed):
|forAdminOnly()|| Inherited method returns default
|getMenuText()|| Return the menu string to be displayed in the main admin menu. If you have followed the localisation guidelines below you do not need to override this function, the text for the correct language will be provided from the plugin's
|getMenuSort()||Return a number which is used to determine the position in the admin menu on admin window.|
|getTOC()||Use this function to create a table of contents for potentially long pages, see config plugin for an example. Should return an array of tocitems created by the html_mktocitem() method.|
|getMenuIcon()||Allows you to override which icon to load on the Admin screen. Useful if you have multiple admin components and want to use different icons for them.|
See common plugin functions for inherited functions available to all plugins. e.g. localisation, configuration and introspection.
Since the Frusterick Manners release, admin plugins can provide an icon to be shown next to the plugin's name on the admin screen. By default this icon will be searched at
lib/plugins/<yourplugin>/admin.svg. You can override the location with the
There are a few restrictions the icon has to adhere to for it to be displayed:
- It has to be in SVG format
- The file has to be smaller than 2KB
- It should only contain a single path object
The fill color of the path will be set by CSS and match the link color (unless your template does something different).
To match the style of other icons, we recommend to either pick an icon from the huge, free selection at https://materialdesignicons.com/ or adhere to the Material Design Guidelines when designing your own icon.
Admin plugin trigger
A admin or moderator initiates interaction with the admin plugin by clicking the plugin's menu link in the admin window. Following that request, the plugin handle() method will be called and the result of html() be output in current template.
If the plugin needs to receive information back from the user it needs to ensure the following
$_REQUEST variables are set in any forms the user may submit or links the user may click.
$_REQUEST['do'] = 'admin'
This tells DokuWiki its in admin mode.
$_REQUEST['page'] = <plugin name>
This tells DokuWiki which plugin or component to call. When not set the admin menu will be shown.
$_REQUEST['id'] = <name current wikipage>
The current page, if the user presses the show page button they will be shown this page. is id really needed, is this not twice?
Best practice is to include these variables in your plugin's HTML output as hidden form controls (
<input type=“hidden” …> or when using Doku_Form class
$form->addHidden('page','data_clean')) and on links as part of the query string as done in the admin window. See Hello World admin plugin for an example.
Example Hello World admin plugin
Here is the hello world example.
- If you haven't read plugins development page about naming and deployment, do that. There is also a link to the plugin wizard which creates a skeleton with comments to get you started.
The admin plugin has the opportunity to interact with the DokuWiki admin user through the data returned by forms and/or query strings, i.e. the $_REQUEST, $_POST or $_GET variables. Take special care to follow the next rules and please read security guidelines for plugin authors for more details.
- All user entered data must be treated with suspicion, even from users identified as admins by ACL settings. It is recommended to use DokuWiki Input Class. This class gives you type safe access to the request variables, makes sure they are correctly initialized and allows you to set defaults.
- When using forms you should include a hidden form field with the session-based security token by calling the function formsecuritytoken(). Before you process the form input, call checkSecurityToken(). This function checks if the sent security token is correct. This protect against Cross-site request forgery attacks. See the hello world example. If you use the Doku_Form class the security token is automatically included.
Core API & globals
DokuWiki uses a number of global variables to hold information about the current page, current user and the actions being performed. Details of these can be found on the environment page.
Localization & configuration
- Be sure to add at least the
menuentry to the language file, because this will automatically be used for the admin menu on admin window.
Example Making the admin window menu link to your plugin called FooBar admin:
<?php // minimal language file for DokuWiki admin plugin $lang['menu'] = 'FooBar admin';