Recent Changes - Search:
Cookbook /

EncodePost

Summary: Base64 encode/decode fields in posted forms as a workaround for mod_security
Version: 20230504
Prerequisites: PmWiki.UTF-8, PmWiki 2.3.24, recent browser with JavaScript enabled
Status: experimental
Maintainer: Petko
License: GPL
Categories: Editing Security Ajax
Users: (view? / edit)
Discussion: EncodePost-Talk?

Description

Base64 encode/decode fields in posted forms.

This recipe was written as a workaround for Troubleshooting#mod_security.

While some hosting providers allow you to disable mod_security, it is probably best to leave it enabled, especially if you have software other than PmWiki on your website.

This recipe will cause the browser to encode to Base64 the page text in the edit form before submitting it, and will decode it upon arrival to PmWiki.

Installation

Note that this requires PmWiki:UTF-8 to be enabled. The current version also requires either the nightly version after PmWiki 2.3.23, or PmWiki 2.3.24 or newer.

  1. Get encodepost.zipΔ and place
    • encodepost.php in pmwiki/cookbook/
    • encodepost.js in pmwiki/pub/
  2. Add near the top of local/config.php: 
if($action == 'edit' || $action == 'encodedpost') {
  include_once("$FarmD/cookbook/encodepost.php");
}

Configuration

N/A

Usage

Just edit, save, or preview the page as usual. See Notes below.

The recipe is enabled on this page, you can try it here (hit Preview).

Notes

  • Should now work with EX.
  • It may not work well if another script is modifying the form fields upon submission. However, workarounds can be implemented, so please report any problems.
  • The "Preview" element appears above the edit form rather than below it.

To do / some day / maybe

  • Show some spinner upon form submission to mesmerize the users and imply that something important is going on. :-)

Change log / Release notes

  • 20230504: Validate fields before submission, Cancel button directly returns to the page without submitting the form, scroll textarea into view after removing old preview.
  • 20230429: Complete rewrite: the form is now posted with an AJAX request in the background, without the annoying flashing of the encoded text field. Fixed for EX also version 20230429.
  • 20230411: First public release, ready to be tested.

See also

Contributors

  • Written and maintained by Petko

Comments

See discussion at EncodePost-Talk?

User notes? : If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.