
Tips for programming plugins in general

Please write down tips you've discovered making it easier for others to make plugins. I actually had to sit down and fgrep myself to this info, and I hope that it will help others ;-)

  • If you need to access any config value for your plugin, use the function getConf(<config option>);
    • E.g. If my plugin has an option to set 'namespace', I'd get the value by calling
      $this->getConf('namespace');
    • the config has to be stored in <your plugin dir>/conf/default.php
    • If you want your configuration to be accessible through the configuration manager GUI, you have to create a conf/metadata.php file with field descriptions and a corresponding lang/en/settings.php file holding the language strings for the configuration manager. Refer to configuration metadata for more information.
  • You can access user lists, user info and more for internal use by declaring the following in a function that needs it:
    global $auth;
    $auth->retrieveUsers(0,0,$filter);
    
  • Here $filter is an array with one or more of the following keys: 'user', 'name', 'mail' or 'grps'. Several values can be given for each key, using '|' as a separator.
  • E.g. to retrieve all users in the group 'admin', one would use
        global $auth;
        $filter['grps']="admin";
        $array_of_matches = $auth->retrieveUsers(0,0,$filter);
        

DokuWiki Global Variables

DokuWiki provides a number of global variables that provide information about the current page, current user and the actions being performed. Details of these are provided with the template development information.

Plugin Name

Be aware that the directory name and the class name suffix must be the same. So if your plugin is stored in

 ../plugins/test 

your class names should be the following:

action.php
   class action_plugin_test extends DokuWiki_Action_Plugin {

syntax.php
   class syntax_plugin_test extends DokuWiki_Syntax_Plugin {

If the two strings do not match, the plugin information will not be shown in the plugin manager. Also, the plugin name should not contain an underscore! If it does, you have to override the getPluginName method of your plugin.

Making your plugins more secure

If you use forms in your plugins, you should include a hidden form field with the session-based security token. In the current version of DokuWiki you can generate this field by calling the function formSecurityToken(). Before you process the form input, call checkSecurityToken(). This function checks whether the security token that was sent is correct.

If you wonder why this makes your plugins more secure, consider the following scenario: You have written a plugin that displays a form to delete several pages at once. An attacker knows that you regularly log in to your wiki and that you use a site that is under his control. He places an image tag on his page that links to your doku.php and has all the form parameters for deleting pages in the URL. Each time you view the attacker's page, your browser requests the image from your DokuWiki installation, thereby deleting pages. This attack is called Cross-Site Request Forgery (CSRF).

You can read more about it on http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
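
The bulk-delete form from the scenario above, protected with the security token. This is an added example, not code from DokuWiki or from this page. It reuses the plugin name test from the naming section; the field name delete[], the edit summary and the three input rows are assumptions, and the plugin's info metadata is left out.

```php
<?php
// admin.php of the plugin "test": a form that deletes several pages at once.
if (!defined('DOKU_INC')) die();

class admin_plugin_test extends DokuWiki_Admin_Plugin {

    /** Process the submitted form. DokuWiki calls this before html(). */
    function handle() {
        // Only act on POST: a GET triggered by an <img> tag changes nothing.
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') return;
        if (!isset($_POST['delete']) || !is_array($_POST['delete'])) return;

        // Compare the submitted 'sectok' field with the token tied to the
        // current session. A request forged from another site cannot know it.
        if (!checkSecurityToken()) return;

        foreach ($_POST['delete'] as $id) {
            if (!is_string($id)) continue;
            $id = cleanID($id);
            if ($id === '' || !@file_exists(wikiFN($id))) continue;
            // Saving empty text removes the page (summary text is an assumption).
            saveWikiText($id, '', 'removed with the bulk delete form');
            msg('Deleted page ' . hsc($id), 1);
        }
    }

    /** Print the form, including the hidden security token field. */
    function html() {
        echo '<form action="' . DOKU_BASE . 'doku.php" method="post">';
        echo '<input type="hidden" name="do" value="admin" />';
        echo '<input type="hidden" name="page" value="test" />';
        formSecurityToken(); // prints the hidden 'sectok' input
        for ($i = 0; $i < 3; $i++) {
            echo '<input type="text" name="delete[]" /><br />';
        }
        echo '<input type="submit" value="Delete pages" />';
        echo '</form>';
    }
}
```

The token check is what stops the forged request; the POST-only check is a second layer, since an image tag can only issue GET requests.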

 
wiki/plugins/programming_tips.txt · Last modified: 2008/05/04 21:42 by andi
 