Summary: Provide a simple guestbook.
Version:
Prerequisites: 2.??
Status:
Maintainer:
Categories:
See important security fixes below.
Files
Notes and Comments
- Download and put guestbook.php in local/cookbook/
- Download and put guestbook-i18n-en.php or guestbook-i18n-nl.php in the cookbook folder.
- Add include_once("$FarmD/cookbook/guestbook.php"); in your local/config.php file.
- Make a page for the guestbook (e.g., Guestbook.HomePage) and include the directive (:$Guestbook:) someplace on the guestbook page. The directive can be placed at the top or the bottom of the page. The dialog box opens at the position of the directive.
Great guest book! Thank you all for this addition. Old Al.
Contributors
This was originally written by Zet (http://www.cube3d.de) for PmWiki v1 and kindly updated for PmWiki 2.x beta by Patrick Ogay at my request. I take zero credit for this addon and am only posting it here at Radu's request because Patrick seems to be busy.
The version posted above has been slightly modified from Patrick's version by:
- Changing the first line to <?php if (!defined('PmWiki')) exit(); (per the recommendation in the Module Guidelines).
- Commenting out the calls to TestLog (which caused errors).
- Certain minor stylistic changes.
Due to destructive spam attacks, this page is now password protected.
Comments
- The guestbook is translated in Dutch. Kenneth (02/24/2006)
- I've been having a configuration specific problem in pmwiki-2.0.beta48: Caspian (07/29/2005)
- I am using Guestbook, PITS, and Per Group Subdirectories. And therein lies the problem. If I remove the Per Group Subdirectories option and make sure that Guestbook include_once('cookbook/guestbook.php'); is the first entry in the local/config.php it seems to work. However if I turn on the Per Group Subdirectories then Guestbook quits working. If I put Guestbook in after PITS include_once('cookbook/PITS.php');, PITS doesn't find its files correctly but Guestbook does work. pm did look at this a bit and said that he thought there was a problem in Guestbook and specifically with $pagename.
<SNIP> from an email from pm
The guestbook.php recipe takes some serious liberties with setting the value of $pagename -- in particular, it undoes any setting of $pagename that might've been done by a previous recipe or config.php setting. So, guestbook.php needs to be rewritten to not do this; in the meantime it means it must be loaded before anything else.
</SNIP>
Per Group Subdirectories being active is important to me and any help is appreciated.
- It works great for me, I'm very pleased with it. Oneida (03/18/2005)
- nice script :) but it looks like it doesn't work with Cookbook/CleanUrls. The form action wants to send the data to index.php/Forum/Guestbook -Uli
- Hmmm, I've had no problem with it working with CleanUrls. You might try posting your configuration on the mailing list, as people there are really great at helping to troubleshoot things like that. Oneida (03/23/2005)
- I just modified line 40 (use "?" instead "/"). Now it works. Holger (03/24/2005)
- Oddly enough, I had to modify line 40 to use "?n=" instead of "/", using v2beta51 - David A Spitzley (7/29/05)
- Could something like this be easily implemented now with AddDeleteLine? - Martin Fick
- Would you advise me what to change in the script to remove boxes "name" and "homepage" and to receive as senders name the $AuthId ? Jiri
- It is totally open for SPAM. I think there should be (at least) two additions: a Captcha as well as a possibility to not admit what Spammers like to post ... PKHG
IMPORTANT SECURITY FIX:
Below is modified code with a few important security fixes (see PKHG's comment above):
- It prevents attacks by HTML and wiki-markup injections in the input fields, and,
- It also has a simple captcha implementation.
- The latest version has a simple Javascript-based form validation to prevent submission of advertisement URLs.
Download the code here (just the English version): guestbook-secure-en.php
- Installation:
- Copy the file to the cookbook folder.
- In local/config.php add lines:
$GuestbookCaptcha = TRUE; (This enables the captcha feature. This must come before the include_once line.)
$GuestbookValidation = TRUE; (This enables the form validation feature. This must come before the include_once line.)
include_once("$FarmD/cookbook/guestbook-secure-en.php");
- Live demo: http://fling.seas.upenn.edu/~subhrabh/cgi-bin/wiki/index.php?n=Main.GuestBook
To enable captcha (disabled by default):
- Set $GuestbookCaptcha = TRUE; in config.php.
- (Troubleshoot) If session is not enabled, you may also need to include the following lines of code in config.php (before the include_once line):
session_name('AnAlphanumericValue');
session_start();
To enable Javascript-based form validation to prevent submission of URLs in the main fields (disabled by default):
- Set $GuestbookValidation = TRUE; in config.php.
Subhrajit November 06, 2010, at 12:22 AM ; Subhrajit September 05, 2011, at 04:28 PM
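The three fixes listed above, sketched as server-side checks in an added example; this is not the code of guestbook-secure-en.php. The gb_* function names, the message and captcha field names, the length limits and the session key are assumptions, and the URL rule is applied on the server as well because a JavaScript check only runs in clients that execute it.

```php
<?php
// Added example; not taken from guestbook-secure-en.php. gb_* names are hypothetical.

// Encode every byte outside a small allowlist as a numeric character reference,
// so neither HTML tags nor wiki markup such as ''' or [[...]] survives.
function gb_encode(string $raw, int $maxLen, bool $multiline = false): ?string {
    if (preg_match('//u', $raw) !== 1) return null;       // reject invalid UTF-8
    $s = str_replace("\r\n", "\n", trim($raw));
    $ctl = $multiline ? '/[\x00-\x09\x0B-\x1F\x7F]/' : '/[\x00-\x1F\x7F]/';
    $s = preg_replace($ctl, '', $s);                       // drop control characters
    if ($s === '' || strlen($s) > $maxLen) return null;   // limit is in bytes
    $s = preg_replace_callback('/[^A-Za-z0-9 \n.,?\x80-\xFF]/',
        function ($m) { return '&#' . ord($m[0]) . ';'; }, $s);
    // Breaks are inserted only after encoding, so <br/> is the one tag emitted.
    return $multiline ? str_replace("\n", '<br/>', $s) : $s;
}

// Server-side twin of the JavaScript URL check for the name and message fields.
function gb_has_url(string $raw): bool {
    return preg_match('~\b(?:[a-z][a-z0-9+.-]*://|www\.)~i', $raw) === 1;
}

// One-shot captcha comparison; 'gb_captcha' is an assumed session key.
function gb_captcha_ok(array &$session, string $answer): bool {
    $expected = $session['gb_captcha'] ?? null;
    unset($session['gb_captcha']);                         // an answer is never reusable
    return is_string($expected) && hash_equals($expected, trim($answer));
}

// Validate one submission; returns the cleaned entry, or null if it is rejected.
function gb_validate(array $post, array &$session): ?array {
    $f = fn($k) => is_string($post[$k] ?? null) ? $post[$k] : '';
    if (!gb_captcha_ok($session, $f('captcha'))) return null;
    if (gb_has_url($f('name')) || gb_has_url($f('message'))) return null;
    $home = trim($f('homepage'));                          // optional field
    if ($home !== '' && (!filter_var($home, FILTER_VALIDATE_URL)
        || !preg_match('~^https?://~i', $home))) return null;
    $entry = ['name' => gb_encode($f('name'), 60),
              'message' => gb_encode($f('message'), 2000, true),
              'homepage' => $home === '' ? '' : gb_encode($home, 200)];
    return in_array(null, $entry, true) ? null : $entry;
}

// Constructed sample submission.
$session = ['gb_captcha' => 'k7m2p'];
$post = ['name' => 'Ann <b>', 'homepage' => 'https://example.org/', 'captcha' => 'k7m2p',
         'message' => "Nice site '''bold'''\nSee [[Main.HomePage]]"];
var_dump(gb_validate($post, $session));
```

The encoded output assumes the entry is later emitted as HTML, where numeric character references render as the original characters.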
Comments on the security fixes
Comment by Holger May 22, 2011, at 03:25 PM
Unfortunately the whole message is in one line, no line break visible. Any idea to realize line breaks in spite of rawdecode?
In the PHP script, where it reads Keep(rawurldecode(PSS('$1'))) (line 14), just replace it with Keep(str_replace(\"\\n\",\"<br/>\",rawurldecode(PSS('$1'))))
I will post an updated version with a few more features some time soon.
Subhrajit May 30, 2011.
Comment by Holger June 02, 2011, at 05:58 AM
Thanks a lot for your feedback Subhrajit. :-) Meanwhile I have found another solution for my website but nevertheless I am very interested in your updated version.