Thread

For many versions, i’ve used the following global variable to provide “edit this entry” functionality if a user is logged in:

$global_vars = array(
“edit_me” => “
{if member_group==1 || member_group==6}<a >/img/edit.png /</a>{/if}
“
); // This array must be associative

I could then provide a simple edit link with an {edit_me} variable inside of a exp:weblog:entries tag.

Previous upgrades took away the ability to include quotation marks, and now 1.6 breaks the above links.  In looking through the support threads, I believe this is because certain shared hosts provide poor security, and have allowed for peoples path.php files to be overwritten, but I could be mistaken.

Whenever I upgrade a site to 1.6, I’m going to have to do a find and replace {edit_me} with the full code.  While this should work, I’m not thrilled as it makes templates more complicated, and i’d rather update a single php file than have to do a find replace on a database which always makes me nervous.

Is there a simple solution outside of including the full code snippet in every template?

Is there anyway the powers that be might consider a setting that those with competent webhosts can turn on to use html in their global variables?

I create a template called global/editme

Which has in it:

<a href="/admin.php?C=edit&M=edit_entry&weblog_id={weblog_id}&entry_id={entry_id}">Edit This</a>

And in my regular template:

{if member_group=='1'}
{embed=global/editme}
{/if}

NOTE: I use /admin.php because I don’t want to bother with remembering what the real system name is. During the install/upgrade process, I have admin.php in the root.

Sue, when I do this as an embed the {weblog_id} and {entry_id} don’t get parsed.  Does it work for you?

My appologies. That’s what I get for copying and pasting the wrong code.

{if member_group=='1'}
{embed=global/editme weblog_id="{weblog_id}" entry_id="{entry_id}"}
{/if}

and

<a href="/admin.php?C=edit&M=edit_entry&weblog_id={embed:weblog_id}&entry_id={embed:entry_id}">Edit This</a>