Differences

This shows you the differences between two versions of the page.

--- plugin:phprestrict [2016-09-14 15:04] – [Discussion] 81.67.68.4
+++ plugin:phprestrict [2019-09-04 14:38] (current) – [Configuration and Settings] MadOverlord
@@ Line 6: / Line 6: @@
 email      : trebor@animeigo.com
 type       : action
-lastupdate : 2016-06-07
+lastupdate : 2016-11-23
-compatible : 2016-06-26, Detritus
+compatible : 2016-06-26, 2017-03-04, Detritus, Elenor of Tsort, Frusterick Manners
 depends    :
 conflicts  :
@@ Line 20: / Line 20: @@
 ===== Installation =====
-Install the plugin using the [[plugin:plugin|Plugin Manager]] and the download URL above, which points to latest version of the plugin. Refer to [[:Plugins]] on how to install plugins manually.
+Search and install the plugin using the [[plugin:extension|Extension Manager]]. Refer to [[:Plugins]] on how to install plugins manually.
 ===== Examples/Usage =====
@@ Line 44: / Line 44: @@
   * **2016-06-07**
     * 1.1; minor cleanups, added disabling of revision history. Fixed problem with extra level of folder nesting in the GIT repository (newbie mistake)
+  * **2016-11-23**
+    * Pointfix: Disabled execution of <PHP> content on history pages (which would permit execution of old/obsolete code if the history pages were visible or the history page url was known).
+  * **2019-09-04**
+    * Bugfix: was not handling processing properly when the list of paths included a completely blank path.
 ===== FAQ =====
+===== Forum =====
+  * [[https://forum.dokuwiki.org/thread/13734|English : Working on PHPrestrict plugin - have some questions]]
+  * [[https://forum.dokuwiki.org/thread/14044|Français : [PLUG-IN PHPRESTRICT] - Utilisation ]]
 ===== Discussion =====
@@ Line 57: / Line 63: @@
 -09-14 (MadOverlord) : I don't know if is possible, and it is a bit out of scope. The whole point of the plugin is that it lets you restrict who can use PHP by specifying where PHP is allowed and then using the ACL to restrict who can edit those pages. If you let a bad-actor have access to PHP, having them be able to execute phpinfo(); is the least of your problems!
--09-14 (Wild Dagger) : Thank you for the quick response, how can we help to translate the plug-in?
+-09-14 (Wild Dagger) : Thank you for the quick response, how can we help you to translate the plug-in?
+-09-14 (MadOverlord) : I do not understand what you mean by 'translate the plug-in'. You will have to be more explicit. All the code is available in the plugin download and on github: https://github.com/RJWoodhead/dokuwiki-plugin-phprestrict
+-09-14 (Wild Dagger) : [[https://github.com/RJWoodhead/dokuwiki-plugin-phprestrict/tree/master/lang/en|/lang/en]]/settings.php or more to other language.
+-09-14 (MadOverlord) : If you wish to add support in the settings for another language, just submit a pull request to add a land/xx/settings.php file
+-09-14 (Wild Dagger) : Thank you MadOverlord :) What do you mean about "Disable __view__/__export__/__revisions__ on PHP-enabled pages" ?
+When i enable the option (in Release 2016-06-26a "Elenor of Tsort" with default template) :
+  * A simple user with Read permission (ACL):
+    * ?do=export_raw -> Command disabled: export_raw
+    * ?export_xhtml -> works (does not show the php code)
+    * ?do=export_xhtml -> works (does not show the php code)
+    * ?export_xhtmlbody -> works (does not show the php code)
+    * ?do=export_xhtmlbody -> works (does not show the php code)
+    * ?do=edit -> **__works__** (__show the source code__)
+    * I have not tested the revised options
+-09-14 (MadOverlord) Wild Dagger : I believe you may have given the user additional permissions. For the default (non-logged in user) with read access, when I try ?do=edit, I get "Command disabled: source". If the user is granted edit access, he can obviously edit the page and see the source -- that is intended.
+-09-14 (Wild Dagger) Thank you for all these details, I'll enable 'View source' in 'Actions to disable in DokuWiki' for my closed dokuwiki ;-) and if I understand the option "Disable view / export / revisions on PHP-enabled pages?" in your plug-in is only for public dokuwiki (no register). Good plug-in but I think that some users would like to see the sources (excluding php pages) in closed dokuwiki. ( not me ;-) )