authors (intermediate)
This page describes the "variables" that are associated with pages. Page variables have the form {$variable}
, and can be used in page markup or in certain formatting strings in PmWiki. For example, the markup "{$Group}
" renders in this page as "PmWiki".
Note: Do not confuse these variables (set and used only in PmWiki pages) with PHP variables. Page variables can be read in PHP with the PageVar() function.
Note that these variables do not necessarily exist in the PHP code, because they have to be determined for a specific page. (However, they are usable in FmtPageName strings.)
There is also the form {pagename$variable}
, which returns the value of the variable for another page. For example, "{MarkupMasterIndex$Title}
" displays as "Markup Master Index".
Special references
Special referenced variables are used to specify the context of the variable when:
- the variable is included into a destination (target) page
- the variable is used in a sidebar, header, or footer
Prefixing the variable name with an asterisk (*) means the variable's value is related to the target page or main (body) page.
{*$
PageVariablename}
- prefixed by an asterisk (*) - value reflects target page context
Without the asterisk the variable's value is that in the page from which it originates, eg source page of include, sidebar, or header or footer.
{$
PageVariablename}
- retains value in source page context
For example you can test to see if the page is part of another page
(:if ! name {$FullName}:)
%comment% name of this page is not the same as the page this text was sourced from
->[[{$FullName}#anchor | more ...]]
(:ifend:)
|
|
or refer to the main page in a sidebar, footer, or header
Default page variables
The page variables defined for PmWiki are:
{$Action}
- page's url action argument, as in "browse"
{$BaseName}
- page's "base" form (stripping any prefixes or suffixes defined via
$BaseNamePatterns
) as in "PmWiki.PageVariables"
{$DefaultGroup}
- default group name, as in "Main"
{$DefaultName}
- name of default page, as in "HomePage"
{$Description}
- page's description from the (:description:)
markup, as in "Documentation for "variables" that are associated with pages."
{$FullName}
- page's full name, as in "PmWiki.PageVariables"
{$Group}
- page's group name, as in "PmWiki"
{$Groupspaced}
- spaced group name, as in "Pm Wiki"
{$LastModified}
- date page was edited, as in "November 10, 2014, at 08:16 AM"
{$LastModifiedBy}
- page's last editor, as in "Petko"
{$LastModifiedHost}
- IP of page's last editor, as in ""
{$LastModifiedSummary}
- Summary from last edit, as in "
$FmtPV
['$Var'] = $_REQUEST['Var']; # critically insecure"
{$LastModifiedTime}
- time page was edited in unix-style timestamp, as in "1415603781"
This can be used (preceded by '@') in
{(ftime)}
and other date/time markups.
{$Name}
- page name, as in "PageVariables"
{$Namespaced}
- spaced page name, as in "Page Variables"
{$PasswdRead}
- "read" permissions for the page e.g. "(protected)"
{$PasswdEdit}
- "edit" permissions for the page e.g. "(protected)"
{$PasswdAttr}
- "attr" permissions for the page e.g. "(protected)"
{$RequestedPage}
- page requested in URL, used on
Site.PageNotFound. e.g. "PmWiki.PageVariables"
{$SiteGroup}
- default group name for e.g. RecentChanges, as in "Site"
{$Title}
- page title (may differ from Name), as in "Page specific variables"
{$Titlespaced}
- either the page title (if defined), or the spaced page name, as in "Page specific variables"
In addition to the above, there are some page-invariant variables available through this markup:
{$Author}
- the name of the person currently interacting with the site, as in ""
{$AuthId}
- current authenticated id, as in ""
note the lower case 'd'.
{$Version}
- PmWiki version, as in "pmwiki-2.2.72"
{$VersionNum}
- The internal version number, as in "2002072"
Page variable security ($authpage)
The form {pagename$variable}
or some PageLists, can display the values for other pages, regardless of the password protections.
If the other pages are protected and the visitor has no read permissions, PageVariables, unlike PageTextVariables, normally display the values. While most variables do not contain sensitive information, some of them could do: $Title, $Description and those starting with $LastModified.
Administrators and module developers can redefine the sensitive page variables to respect authentications, by using the "$authpage" variable instead of "$page" in the definition. The following snippet can be added in local/config.php -- it will rewrite the default possibly sensitive definitions to the secure ones.
foreach($FmtPV as $k=>$v) {
if(preg_match('/^\\$(Title(spaced)?|LastModified(By|Host|Summary|Time)?|Description)$/', $k))
$FmtPV[$k] = str_replace('$page', '$authpage', $v);
}
Custom page variables
You may add custom page variables as a local customization. In a local configuration file or a recipe script, use the variable $FmtPV
:
$FmtPV['$VarName'] = "'variable definition'";
$FmtPV['$CurrentSkin'] = '$GLOBALS["Skin"]';
$FmtPV['$WikiTitle'] = '$GLOBALS["WikiTitle"]';
Defines new Page Variable of name $CurrentSkin, which can be used in the page with {$CurrentSkin}
(also for Conditional markup). It's necessary to use the single quotes nested inside double-quotes as shown above (preferred) or a double-quoted string nested inside single-quotes like '"this"'
.
Please note that the values of the elements of $FmtPV
are eval()
ed so always sanitize any user input. The following is very insecure:
$FmtPV['$Var'] = $_REQUEST['Var'];
# critically insecure, allows PHP code injection
You should sanitize the user input to contain only expected values, or make sure the value is a quoted string, for example:
# we only expect numeric values of Var
$FmtPV['$Var'] = intval($_REQUEST['Var']);
# properly escaped quoted string.
$FmtPV['$Var'] = '"'. addslashes($_REQUEST['Var']) . '"';
See also
Is there a variable like $LastModified, but which shows me the creation time?
No, but you can create one in config.php. For instance:
# add page variable {$PageCreationDate} in format yyyy-mm-dd
$FmtPV['$PageCreationDate'] = 'strftime("%Y-%m-%d", $page["ctime"])';
If you like the same format that you define in config.php with $TimeFmt
use
$FmtPV['$Created'] = "strftime(\$GLOBALS['TimeFmt'], \$page['ctime'])";
How can I test if a variable is set and/or not empty?
Use (:if ! equal "{$Variable}" "":) $Variable is not empty. (:ifend:)
. Note that undefined/inexistent variables appear as empty ones.
Categories: PmWiki Developer