TWiki Reference Manual (TWiki-4.2.3, Wed, 06 Aug 2008, build 17396)

This page contains all documentation topics as one long, complete reference sheet.

On this page:

Related Topics: TWiki Site, TWiki History, TWiki Planned Features, TWiki Enhancement Requests, User Documentation Category, Admin Documentation Category

TWiki System Requirements

Server and client requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

Resource Required Server Environment *
Perl 5.6.1 or higher (5.8.4 or higher is recommended)
RCS 5.7 or higher (including GNU diff)
Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
GNU diff GNU diff 2.7 or higher is required when not using the all-Perl RcsLite.
Install on PATH if not included with RCS (check version with diff -v)
Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff
GNU patch For upgrades only: GNU patch is required when using the TWiki:Codev.UpgradeTWiki script
GNU fgrep, egrep Modify command line parameters in configure if you use non-GNU grep programs
Cron/scheduler • Unix: cron
• Windows: cron equivalents
Web server Apache is well supported; see TWiki:TWiki.InstallingTWiki#OtherWebServers for other servers

Required CPAN Modules

The following Perl modules are used by TWiki:
Module Preferred version
Algorithm::Diff (included)  
CGI::Carp >=1.26
Config >=0
Cwd >=3.05
Data::Dumper >=2.121
Error (included)  
File::Copy >=2.06
File::Find >=1.05
File::Spec >=3.05
File::Temp (included with perl 5.6 and later)
FileHandle >=2.01
IO::File >=1.10
Text::Diff (included)  
Time::Local >=1.11

Optional CPAN Modules

The following Perl modules may be used by TWiki:
Module Preferred version Description
CGI::Cookie >=1.24 Used for session support
CGI::Session >=3.95 Used for session support
Digest::base    
Digest::SHA1    
Jcode   Used for I18N support with perl 5.6
Locale::Maketext::Lexicon >=0 Used for I18N support
Net::SMTP >=2.29 Used for sending mail
Unicode::Map   Used for I18N support with perl 5.6
Unicode::Map8   Used for I18N support with perl 5.6
Unicode::MapUTF8   Used for I18N support with perl 5.6
Unicode::String   Used for I18N support with perl 5.6
URI   Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this: 

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

The TWiki standard installation has relatively low browser requirements:

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWiki Skin Browser and more at TWiki:Plugins.SkinPackage.

Important note about TWiki Plugins

Related Topics: Admin Documentation Category

Back to top

TWiki Installation Guide

The following is installation instructions for the TWiki 4.2 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead.

Both this document and the TWikiUpgradeGuide are also available in the root of the distribution as HTML files. For this reason links to pages inside your own TWiki are written like TWiki.WebHome and not like live web links.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the person installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing perl CPAN libraries).

To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) priviledges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki 3) you will need the information found in TWiki:TWiki.TWikiUpgradeGuide. There is also a static HTML TWikiUpgradeGuide.html included in the root of your TWiki distribution.

Upgrading from a recent TWiki4 release is much simpler. Upgraders from earlier TWiki4 versions can follow the steps described in TWiki:TWiki.UpgradingTWiki04x00PatchReleases to ensure a safe upgrade without accidently overwriting customizations.

One of the more difficult tasks is installation of addition CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki)

Basic Installation

  1. Download the TWiki distribution from http://TWiki.org/download.html.
  2. Make a directory for the installation and unpack the distribution in it. In the rest of this document we assume this directory is called twiki.
    • Note! that TWiki does not allow spaces in the directory names. Especially on Windows make sure to use a directory path without spaces.
  3. Setup access file and directory rights to enable the webserver user (the user Apache runs the CGI scripts as) to read and write inside the twiki directory.
    • Warning! Do not just just run a chmod -R 770 twiki. The access rules have different meaning for files and directories. This is the most common mistake installers make.
    • The distribution tgz has the file and directory access rights setup to work with a reasonable security level that will work for all types of installations including shared hosting.
    • The ownership of the twiki directory tree is normally set to the user that unpacked the tgz and will have to be changed to the webserver user using the command chown -R user:group /path/to/twiki. The webserver username varies from Distributions. Examples for some major distributions:
      • RedHat, Fedora, CentOS, Gentoo, Mandriva : chown -R apache:apache /path/to/twiki
      • debian/Ubuntu/Kubunto : chown -R www-data:www-data /path/to/twiki
      • Suse : chown -R wwwrun:www /path/to/twiki
    • If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access right of the entire TWiki tree back to the distributed defaults.
    • It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights have a good safety level.
  4. Check the Perl installation. Ensure that Perl 5 and the Perl CGI library are installed on your system.
    • The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.
    • Some systems require a special extension on perl scripts (e.g. .cgi or .pl). This is normally only needed under Windows and only where perl scripts are only recognized by file extension. Linux and Unix users should normally never need to do this. If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).
  5. Create the file LocalLib.cfg located as twiki/bin/LocalLib.cfg
    • There is a template for this file in twiki/bin/LocalLib.cfg.txt. Simply copy Local Lib? .cfg.txt to Local Lib? .cfg. Make sure the ownership and access rights of the copy are the same as Local Lib? .cfg.txt
    • The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /var/www/twiki/lib.
    • If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.
  6. Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files
    • Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and one file gives the best overview and ensures that you get a safe installation . However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file http.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.
    • .htaccess file: This should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search for possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo priviledges.
  7. Configure the webserver
    • Unless you are an Apache expert setting up the webserver can be quite difficult. But TWiki has three resources that make setting up Apache easier.
      • The best and easiest way is to use webpage TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.
      • In the root of the twiki installation you find an example config file twiki_httpd_conf.txt
      • In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts. In the root of TWiki you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root priviledges.
    • If you are unsure about how to do this on your system, see TWiki:TWiki.InstallingTWiki#OtherPlatforms for links to information about various server setups.
    • Note! When you use config files you need to restart Apache each time you change a setting to make the new setting active.
  8. Protect the configure script
    • You should never leave the configure script open to the public. Limit access to the twiki/bin/configure script to either localhost, an IP address or a specific user using basic Apache authentication. The TWiki:TWiki.ApacheConfigGenerator lets you setup who has access to the configure script. Also the example twiki-httpd-conf.txt and bin/.htaccess.txt files includes the needed setting to protect the configure script.
    • If you limit the access to a particular user then you need to setup a .htpasswd file that contains the user name and password that Apache will authenticate against. Per default both TWiki:TWiki.ApacheConfigGenerator and the example config files and .htaccess files uses twiki/data/.htpasswd but this file does not exist until you have TWiki running and have registered the first user. You therefore have two options. Either limit the access to localhost or an IP address, or make a .htpasswd file. To make a .htpasswd file change directory to twiki/data and issue the command htpasswd -c .htpasswd username and enter your password when asked. The username must match the Require user username directive in the Apache config file or .htaccess file. Do not use a username you will later use to register in TWiki because TWiki will then claim that you are already registered.
  9. Run the configure script from your browser (enter http://yourdomain/twiki/bin/configure into your browser address bar)
    • Resolve any errors or warnings it tells you about.
    • Note! When you run configure for the first time, you can only edit the section General Path Settings. Save these settings, and then return to configure to continue configuration.
    • If your webserver can be accessed by more than one domain name make sure to add the additional alternative URLs to {PermittedRedirectHostUrls}
    • When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send registration emails. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}. If you do not want to enable mailing or want to enable it later you can uncheck {EnableEmail}.

You now have a basic, unauthenticated installation running. At this point you can just point your Web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 3 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. Easy way to jump directly to view the pages is to open your own TWiki in your browser and write TWiki.TWikiSkins in the Jump test box to the right in the top bar and hit Enter. You can find these topics in the on-line reference copy at the official TWiki website: TWiki Release 4.2

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWiki.TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

  1. Under the Security Settings pane of configure :
    1. Select TWiki::Client::TemplateLogin for {LoginManager}.
    2. Select TWiki::Users::HtPasswdUser for {PasswordManager}.
    3. Save your configure settings.
    4. Register yourself using the TWiki.TWikiRegistration topic.
      HELP Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
  2. Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.

You are strongly encouraged to read TWiki.TWikiUserAuthentication, TWiki:TWiki.TWikiUserAuthenticationSupplement, and TWiki:TWiki.SecuringTWikiSite for further information about managing users and security of your TWiki site.

Note! The other LoginManager option TWiki::Client::ApacheLogin uses a basic Apache type authentication where the browser itself prompts you for username and password. Most will find the TemplateLogin looking nicer. But ApacheLogin is required when you use Apache authentication methods like mod_ldap where all authentication is handled by an Apache module and not by the TWiki perl code. When you use ApacheLogin the apache configuration must be set up to require authentication of the some but not all the scripts in the bin directory. This section in the Apache config (or .htaccess) controls this 

<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|rest|.*auth).*">
   require valid-user
</FilesMatch>

The TWiki:TWiki.ApacheConfigGenerator includes this section when you choose ApacheLogin. In the example twiki_httpd_conf.txt and bin/.htaccess.txt files this section is commented out with #. Uncomment the section when you use ApacheLogin. It is important that this section is commented out or removed when you use TemplateLogin.

Define the Administrator User(s)

Administrators have read and write access to any topic in TWiki, irrespectively of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the Wiki Name and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

  1. Confirm the Mail and Proxies settings in the Configure interface.
  2. Setup a cron job (or equivalent) to call the tools/mailnotify script as described in the TWiki.MailerContrib topic.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWiki.TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however cost performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} and install let cron run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki, a home topic is created for them based on the TWiki.NewUserTemplate topic (and its TWiki.UserForm). It contains additional resources you can use to:

If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

If you added or removed fields from the user form you may also need to tailor TWiki.TWikiRegistration.

Install Plugins

TWiki:Plugins is an extensive library of Plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see TWiki.InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

Customize Your TWiki!

The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skin (called PatternSkin) by reading the TWiki.PatternSkinCustomization

At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.

Customization of Special Pages

Some pages are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. The topics are:

WYSIWYG vs Raw Edit

From TWiki release 4.2.0 the WYSIWYG editor has been replaced by a much better and more powerful editor and it was decided that WYSIWYG would be the default edit mode. An Edit Raw link is available for those that have a need or preference for this mode.

However you may prefer to have the same user interface as in TWiki 4.1 where Edit was the raw text editor and you had a WYSIWYG button. You can modify the templates that define the buttons by following the description on TWiki:Codev.TWikiRawEditDefault04x02.

Copyright, License and Classification Statements

In the bottom of each topic you will find a default copyright messages saying "Copyright &© by the contributing authors. All material on this collaboration platform is the property of the contributing authors." It is a setting WEBCOPYRIGHT that defines this. This is often not adequate.

You change the copy right statement globally by taking these steps.

Troubleshooting

The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:

It is also advisable to review TWiki:Codev.KnownIssuesOfTWiki04x02.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev/TWikiIRC (irc.freenode.net, channel #twiki)

Appendices

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

Resource Required Server Environment
Perl 5.8.4 or higher is recommended. TWiki will run in perl 5.6.1 but only with Wysiwyg editor disabled. Wysiwyg requires unicode support which is provided by perl 5.8.1 and forward.
RCS 5.7 or higher (including GNU diff)
Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
GNU diff GNU diff 2.7 or higher is required when not using the all-Perl Rcs Lite? .
Install on PATH if not included with RCS (check version with diff -v)
Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff
Other external programs fgrep, egrep
Cron/scheduler • Unix: cron
• Windows: cron equivalents
Web server Apache is well supported; for information on other servers, see TWiki:TWiki.InstallingTWiki#OtherWebServers.

Required CPAN Modules

Most of the CPAN libraries listesd below are part of a standard Perl installation so you most likely have them all!

See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries

The following Perl CPAN modules are used by TWiki:

Module Preferred version
Algorithm::Diff (included)  
CGI Versions 2.89 and 3.37 must be avoided. Most version from 3.15 and onwards should work.
CGI::Carp >=1.26
Config >=0
Cwd >=3.05
Data::Dumper >=2.121
Error (included)  
File::Copy >=2.06
File::Find >=1.05
File::Spec >=3.05
FileHandle >=2.01
IO::File >=1.10
Text::Diff (included)  
Time::Local >=1.11

Optional CPAN Modules

The following Perl modules may be used by TWiki:

See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries

Module Preferred version Description
Archive::Tar   May be required by the Extensions Installer in configure if command line tar or unzip is not available
CGI::Cookie >=1.24 Used for session support
CGI::Session >=3.95 Highly recommended! Used for session support
Digest::base    
Digest::SHA1    
Jcode   Used for I18N support with perl 5.6
Locale::Maketext::Lexicon >=0 Used for I18N support
Net::SMTP >=2.29 Used for sending mail
Unicode::Map   Used for I18N support with perl 5.6
Unicode::Map8   Used for I18N support with perl 5.6
Unicode::MapUTF8   Used for I18N support with perl 5.6
Unicode::String   Used for I18N support with perl 5.6
URI   Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this: 

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

The TWiki standard installation has relatively low browser requirements:

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWiki/TWikiSkinBrowser and more at TWiki:Plugins.SkinPackage.

Important note about TWiki Plugins

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Referring to the Basic Installation steps presented above:

TWiki dir: What it is: Where to copy: Example:
twiki start-up pages root TWiki dir /home/smith/twiki/
twiki/bin CGI bin CGI-enabled dir /home/smith/twiki/bin
twiki/lib library files same level as twiki/bin /home/smith/twiki/lib
twiki/locale language files dir secure from public access /home/smith/twiki/locale
twiki/pub public files htdoc enabled dir /home/smith/twiki/pub
twiki/data topic data dir secure from public access /home/smith/twiki/data
twiki/templates web templates dir secure from public access /home/smith/twiki/templates
twiki/tools TWiki utlilities dir secure from public access /home/smith/twiki/tools
twiki/working Temporary and internal files dir secure from public access /home/smith/twiki/working

For additional information about installing TWiki on a hosted accounts, see TWiki:TWiki.InstallingTWiki#WebHostingSites

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

Back to top

TWiki Upgrade Guide

This guide covers upgrading from a previous version of TWiki (such as Cairo or TWiki4.0) to TWiki 4.2

Overview

TWiki-4.0.0 was a major new release. TWiki-4.1.0 was a minor release without dramatic changes since 4.0.0. TWiki-4.2.0 is also a minor release containing a few new features that can be seen by the end user, a large number of bug fixes, and a face lift for the skin. It also contains some important updates under the hood to the way users are handled which enables new types of authentication and integration with other systems. The most important new feature is the Query Search feature.

Upgrade Requirements

Major Changes Compared to TWiki Release 01-Sep-2004 and TWiki Release 4.0.0

See TWiki Release Notes 04x 00, TWiki Release Notes 04x 01 and TWiki Release Notes 04x 02

Upgrade Procedure

The following steps are a rough guide to upgrading only. It is impossible to give detailed instructions, as what you have to do may depend on whether you can configure the webserver or not, and how much you have changed distributed files in your current TWiki release.

The main steps are:

  1. Install the new TWiki version, configure it, and get it to work similar to the old version
  2. Install additional extensions (Plugins). Make sure to use the latest versions
  3. Copy all the non-default webs from the old installation to the new
  4. Copy the users from old installation to the new incl all their topics from Main
  5. Apply tailorings to your Skin (logos, menu bars etc)
  6. Apply preferences from old installation

Installation

Install Extensions

Copy your old webs to new TWiki

Copy Users And Their Topics From Main Web

Apply Customizations To The Skin

Apply Preferences From Old Installation

Customization of Special Pages

Some pages in the TWiki web are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. If you have made such customizations remember to replace these topics in the TWiki web with the tailored versions from your old installation. The topics are:

Upgrading from Cairo to TWiki4 (additional advice)

Favicon

TWiki4's Pattern Skin introduces the use of the favicon feature which most browsers use to show a small icon in front of the URL and for bookmarks.

In TWiki4 it is assumed that each web has a favicon.ico file attached to the WebPreferences topic. When you upgrade from Cairo to TWiki4 you do not have this file and you will get flooded with errors the error log of your web server. There are two solutions to this.

To change the location of favicon.ico in TWikiPreferences to the TWiki web add this line to TWiki Preferences 

   * Set FAVICON = %PUBURLPATH%/%SYSTEMWEB%/%WEBPREFSTOPIC%/favicon.ico

TWikiUsers topic in Main web

Your Cairo Main.TWikiUsers topic will work in TWiki4 but you will need to ensure that these 4 users from the default TWiki4 version of TWikiUsers are copied to the existing TWikiUsers topic. TWikiGuest is probably already there but the others are new

You additionally need to ensure that TWikiUsers has the Set ALLOWTOPICCHANGE = TWikiAdminGroup, TWikiRegistrationAgent. Otherwise people will not be able to register.

Important Changes since 4.0.5

Supported Perl version

TWiki 4.0.5 worked on Perl version 5.6.X. Reports from users has shown that unfortunately TWiki 4.1.0 does not support Perl versions older then 5.8.0. It is the goal that TWiki should work on at least Perl version 5.6.X but none of the developers have had access to Perl installations older than 5.8.0.

Since TWiki 4.1.0 has some urgent bugs the development team decided to release TWiki 4.1.1 without resolving the issue with Perl 5.6.X. We will however address this and try and resolve it for a planned 4.1.2 release. The TWiki community is very interested in contributions from users that have fixes for the code which will enable TWiki to run on older versions of Perl.

See the WhatVersionsOfPerlAreSupported topic to keep up to date with the discussion how to get back support for earlier Perl versions.

Template spec changed

Until TWiki 4.0.5 TWiki Templates the text inside template definition blocks (anything between %TMPL:DEF{"block"}% and %TMPL:END% was stripped of leading and trailing white space incl new lines.

This caused a lot of problems for skin developers when you wanted a newline before or after the block text.

From TWiki 4.1.0 this has changed so that white space is no longer stripped. Skins like PatternSkin and NatSkin have been updated so that they work with the new behavior. But if you use an older skin or have written your own you will most likely need to make some adjustments.

It is not difficult. The general rule is - if you get mysterious blank lines in your skin, the newline after the %TMPL:DEF{"block"}% needs to be removed. Ie. the content of the block must follow on the same line as the TMPL:DEF.

The spec change have the same impact on Comment Plugin templates where you may have to remove the first line break after the TMPL:DEF. See the Comment Plugin Template for examples of how comment template definitions should look like in TWiki-4.1.X

An example: A CommentPlugin template that adds a comment as appending a row to a table. Before the spec change this would work. 

<verbatim>
%TMPL:DEF{OUTPUT:tabletest}%%POS:BEFORE%
|%URLPARAM{"comment"}%| -- %WIKIUSERNAME% - %DATE% |
%TMPL:END%
</verbatim>

From Twiki 4.1.0 the old template definition will add an empty line before the new table row. To fix it simply remove the new line before the table. 

<verbatim>
%TMPL:DEF{OUTPUT:tabletest}%%POS:BEFORE%|%URLPARAM{"comment"}%| -- %WIKIUSERNAME% - %DATE% |
%TMPL:END%
</verbatim>

The advantage of the spec change is that now you can add leading and trailing white space including new lines. This was not possible before.

Important Changes since 4.1.0

New location for session and other temporary files

An upgrader upgrading to 4.1.1 should note the following important change

The directory for passthrough files and session files have been replaced by a common directory for temporary files used by TWiki. Previously the two configure settings {PassthroughDir} and {Sessions}{Dir} were by default set to /tmp. These config settings have been replaced by {TempfileDir} with the default setting value /tmp/twiki. If the twiki directory does not exist twiki will create it first time it needs it.

It is highly recommended no longer to use the tmp directory common to other web applications and the new default will work fine for most. You may want to delete all the old session files in /tmp after the upgrade to 4.1.1. They all start with cgisess_. It is additionally highly recommended to limit write access to the {TempfileDir} for security reasons if you have non-admin users with login access to the webserver just like you would do with the other webserver directories.

Important Changes since 4.1.2

New WYSIWYG Editor

TWiki now ships with a new WYSIWYG editor based on TinyMCE replaces the Kupu based editor.
TinyMCE is not a perfect Wysiwyg editor but it is magnitudes better than the Kupu editor

The WysiwygPlugin that drives the engine behind both TinyMCE has additionally been heavily improved so that less TWiki Applications are negatively affected by editing WYSIWYG

When TinyMCEPlugin is enabled the Edit button per default becomes WYSIWYG editing mode. A new Raw Edit link has been added to enable application developers to edit the good old way

The WYSIWYG button has been removed.

NEWTOPICLINKSYMBOL removed

The NEWTOPICLINKSYMBOL preference which was deprecated in 4.1 has now been removed from the code. If you want to control the appearance of new links, you can use NEWLINKFORMAT.

UserForm and NewUserTemplate Customization

When a new user registers on TWiki his user topic is created based on the NewUserTemplate and UserForm.

The NewUserTemplate was located in the TWiki web and the UserForm in the Main web. When upgrading TWiki these were some of the topics you had to take care not to overwrite.

From 4.2.0 the UserForm and NewUserTemplate are distributed in the TWiki web. If you create the two in the Main web the Main web version will be used instead. So if you tailor the user topic format or the form then you should always copy the two files to the Main web and modify the ones in the Main web. When you later upgrade TWiki your tailored template and form will not be overwritten.

TWikiUsers no longer distributed

The Main.TWikiUsers topic contains all the registered users. It is a topic you do not want to overwrite when you upgrade TWiki.

From 4.2.0 this file is no longer included in the TWiki distribution. When you register the first time TWiki creates the Main.TWikiUsers topic in the Main web if it does not exist already. This means that you can now upgrade TWiki without risk of overwriting the important TWikiUsers topic.

New working directory

A new directory working which per default is located in the twiki root, has been introduced which contains:

Note: Remember to restrict access to this new directory when you upgrade.

The configuration setting {WorkingDir} defines the container directory for temporary files, extensions' work areas, and intermediate registration data. The default is working under your installation root.

Take care for that change if you run your own routine to delete obsolete session files, which will now be found under working/tmp/cgisess*.

New Internal Admin Login

TWiki 4.2 introduces a new Internal Admin Login feature which uses "admin" (configurable) as username and the password used for configure to become temporary administrator. When you do a new installation you need to use this feature as Main.TWikiAdminGroup is now access restricted by default to avoid security attacks during the hours an installation may take. From configure there is a link to the TWikiAdminGroup topic and on TWikiAdminGroup the step by step instructions are written in a yellow box. Our advice is not to remove this help text in case you need it later.

Back to top

TWiki User Authentication

TWiki site access control and user activity tracking options

Overview

Authentication, or "login", is the process by which a user lets TWiki know who they are.

Authentication isn't just to do with access control. TWiki uses authentication to identify users, so it can keep track of who made changes, and manage a wide range of personal settings. With authentication enabled, users can personalise TWiki and contribute as recognised individuals, instead of shadows.

TWiki authentication is very flexible, and can either stand alone or integrate with existing authentication schemes. You can set up TWiki to require authentication for every access, or only for changes. Authentication is also essential for access control.

Quick Authentication Test - Use the %USERINFO% variable to return your current identity:

TWiki user authentication is split into four sections; password management, user mapping, user registration, and login management. Password management deals with how users personal data is stored. Registration deals with how new users are added to the wiki. Login management deals with how users log in.

Once a user is logged on, they can be remembered using a Client Session stored in a cookie in the browser (or by other less elegant means if the user has disabled cookies). This avoids them having to log on again and again.

TWiki user authentication is configured through the Security Settings pane in the configure interface.

Please note File Attachments are not protected by TWiki User Authentication.

TIP Tip: TWiki:TWiki.TWikiUserAuthenticationSupplement on TWiki.org has supplemental documentation on user authentication.

Password Management

As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the [[/bin/configure][configure] interface for more details.

You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.

User Mapping

Often when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly Wiki Name. Also, an external authentication database may well have user information you want to import to TWiki, such as user groups.

By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support import of groups etc.

User Registration

New user registration uses the password manager to set and change passwords and store email addresses. It is also responsible for the new user verification process. the registration process supports single user registration via the TWiki Registration page, and bulk user registration via the Bulk Registration page (for admins only).

The registration process is also responsible for creating user topics, and setting up the mapping information used by the User Mapping support.

Login Management

Login management controls the way users have to log in. There are three basic options; no login, login via a TWiki login page, and login using the webserver authentication support.

No Login (select none in configure)

Does exactly what it says on the tin. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWiki Guest default identity, so you can't track individual user activity.

ALERT! Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Template Login (select TWiki::Client::TemplateLogin in configure)

Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

  1. Use the configure interface to
    1. select the TWiki::Client::TemplateLogin login manager (on the Security Settings pane).
    2. select the appropriate password manager for your system, or provide your own.
    3. HELP there is also an EXPERT configure setting {TemplateLogin}{PreventBrowserRememberingPassword} that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage.
  2. Register yourself in the TWiki Registration topic.
    HELP Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
  3. Create a new topic to check if authentication works.
  4. Edit the TWiki Admin Group topic in the Main web to include users with system administrator status.
    ALERT! This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

TWiki Access Control has more information on setting up access controls.

ALERT! At this time TWiki Access Controls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access.

TIP You can create a custom version of the TWiki Registration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWiki Registration shipped with TWiki, as your changes will be overwritten next time you upgrade.

TIP The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate? topic, which will then override the default.

Apache Login (select TWiki::Client::ApacheLogin in configure)

Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which is set when you enable authentication in the webserver.

The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules such as mod_auth_ldap or mod_auth_mysql you can just plug in directly to them.

The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.

TWiki maps the REMOTE_USER that was used to log in to the webserver to a Wiki Name using the table in TWiki Users. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their Wiki Name).

The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.

Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.
  1. Use configure to select the TWiki::Client::ApacheLogin login manager.
  2. Use configure to set up TWiki to create the right kind of .htpasswd entries.
  3. Create a .htaccess file in the twiki/bin directory.
    HELP There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what need to be done.
    HELP If you got it right, the browser should now ask for login name and password when you click on the Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support)
    ALERT! At this time TWiki Access Controls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access
  4. You can create a custom version of the TWiki Registration form by copying the default topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user home page correctly. Do not modify the version of TWiki Registration shipped with TWiki, as your changes will be overwritten next time you upgrade.
    The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user home page by creating the Main.NewUserTemplate? topic, which will then override the default.
  5. Register yourself in the TWiki Registration topic.
    HELP Check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you may have got a path wrong, or the permissions may not allow the webserver user to write to that file.
  6. Create a new topic to check if authentication works.
  7. Edit the TWiki Admin Group topic in the Main web to include users with system administrator status.
    ALERT! This is a very important step, as users in this group can access all topics, independent of TWiki access controls.
TWiki Access Control has more information on setting up access controls.

Logons via bin/logon

Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "logon" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log on.

The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked.

Sessions

TWiki uses the CPAN:CGI::Session and CPAN:CGI::Cookie modules to track sessions. These modules are de facto standards for session management among Perl programmers. If you can't use Cookies for any reason, CPAN:CGI::Session also supports session tracking using the client IP address.

You don't have to enable sessions to support logins in TWiki. However it is strongly recommended. TWiki needs some way to remember the fact that you logged in from a particular browser, and it uses sessions to do this. If you don;t enable sessions, TWiki will try hard to remember you, but due to limitations in the browsers it may also forget you (and then suddenly remember you again later!). So for the best user experience, you should enable sessions.

There are a number of TWiki Variables available that you can use to interrogate your current session. You can even add your own session variables to the TWiki cookie. Session variables are referred to as "sticky" variables.

Getting, Setting, and Clearing Session Variables

You can get, set, and clear session variables from within TWiki web pages or by using script parameters. This allows you to use the session as a personal "persistent memory space" that is not lost until the web browser is closed. Also note that if a session variable has the same name as a TWiki preference, the session variables value takes precedence over the TWiki preference. This allows for per-session preferences.

To make use of these features, use the tags: 

%SESSION_VARIABLE{ "varName" }%
%SESSION_VARIABLE{ "varName" set="varValue" }%
%SESSION_VARIABLE{ "varName" clear="" }%

Note that you cannot override access controls preferences this way.

Cookies and Transparent Session IDs

TWiki normally uses cookies to store session information on a client computer. Cookies are a common way to pass session information from client to server. TWiki cookies simply hold a unique session identifier that is used to look up a database of session information on the TWiki server.

For a number of reasons, it may not be possible to use cookies. In this case, TWiki has a fallback mechanism; it will automatically rewrite every internal URL it sees on pages being generated to one that also passes session information.

TWiki Username vs. Login Username

This section applies only if you are using authentication with existing login names (i.e. mapping from login names to Wiki Names).

TWiki internally manages two usernames: Login Username and TWiki Username.

TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your Wiki Name as a login name.

NOTE: To correctly enter a Wiki Name - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %USERSWEB%.WikiUsername. This points WikiUsername to the Main web, where user home pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a New Topic? everywhere but in the Main web.

Changing Passwords

If your {PasswordManager} supports password changing, you can change and reset passwords using forms on regular pages.

Changing E-mail Addresses

If the active {PasswordManager} supports storage and retrieval of user e-mail addresses, you can change your e-mail using a regular page. As shipped, this is true only for the Apache 'htpasswd' password manager.

Controlling access to individual scripts

You may want to add or remove scripts from the list of scripts that require authentication. The method for doing this is different for each of Template Login and Apache Login.

How to choose an authentication method

One of the key features of TWiki is that it is possible to add HTML to topics. No authentication method is 100% secure on a website where end users can add HTML, as there is always a risk that a malicious user can add code to a topic that gathers user information, such as session IDs. The TWiki developers have been forced to make certain tradeoffs, in the pursuit of efficiency, that may be exploited by a hacker.

This section discusses some of the known risks. You can be sure that any potential hackers have read this section as well!

At one extreme, the most secure method is to use TWiki via SSL (Secure Sockets Layer), with a login manager installed and Client Sessions turned off.

Using TWiki with sessions turned off is a pain, though, as with all the login managers there are occasions where TWiki will forget who you are. The best user experience is achieved with sessions turned on.

As soon as you allow the server to maintain information about a logged-in user, you open a door to potential attacks. There are a variety of ways a malicious user can pervert TWiki to obtain another users session ID, the most common of which is known as a cross-site scripting attack. Once a hacker has an SID they can pretend to be that user.

To help prevent these sorts of attacks, TWiki supports IP matching, which ensures that the IP address of the user requesting a specific session is the same as the IP address of the user who created the session. This works well as long as IP addresses are unique to each client, and as long as the IP address of the client can't be faked.

Session IDs are usually stored by TWiki in cookies, which are stored in the client browser. Cookies work well, but not all environments or users permit cookies to be stored in browsers. So TWiki also supports two other methods of determining the session ID. The first method uses the client IP address to determine the session ID. The second uses a rewriting method that rewrites local URLs in TWiki pages to include the session ID in the URL.

The first method works well as long as IP addresses are unique to each individual client, and client IP addresses can't be faked by a hacker. If IP addresses are unique and can't be faked, it is almost as secure as cookies + IP matching, so it ranks as the fourth most secure method.

If you have to turn IP matching off, and cookies can't be relied on, then you may have to rely on the second method, URL rewriting. This method exposes the session IDs very publicly, so should be regarded as "rather dodgy".

Most TWiki sites don't use SSL, so, as is the case with most sites that don't use SSL, there is always a possibility that a password could be picked out of the aether. Browsers do not encrypt passwords sent over non-SSL links, so using Apache Login is no more secure than Template Login.

Of the two shipped login managers, Apache Login is probably the most useful. It lets you do this sort of thing: wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting i.e. pass in a user and password to a request from the command-line. However it doesn't let you log out.

Template Login degrades to url re-writing when you use a client like dillo that does not support cookies. However, you can log out and back in as a different user.

Finally, it would be really neat if someone was to work out how to use certificates to identify users.....

See TWiki:TWiki.SecuringTWikiSite for more information.

Back to top

TWiki Access Control

Restricting read and write access to topics and webs, by Users and groups

TWiki Access Control allows you restrict access to single topics and entire webs, by individual user and by user Groups. Access control, combined with TWiki User Authentication, lets you easily create and manage an extremely flexible, fine-grained privilege system.

TIP Tip: TWiki:TWiki.TWikiAccessControlSupplement on TWiki.org has additional documentation on access control.

An Important Control Consideration

Open, freeform editing is the essence of Wiki Culture - what makes TWiki different and often more effective than other collaboration tools. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less Wiki in the mix. Experience shows that unrestricted write access works very well because:

As a collaboration guideline:

Permissions settings of the webs on this TWiki site

Web Sitemap VIEW CHANGE RENAME
  Listed DENY ALLOW DENY ALLOW DENY ALLOW
Preferences Home Main on       TWiki Registration Agent PolyHub Member Group    
Preferences Home TWiki on       TWiki Admin Group   TWiki Admin Group
Preferences Home Documentation on       PolyHub Member Group   PolyHub Member Group
Preferences Home Sandbox on            

Please Note:

Note: Above table comes from Site Permissions

Authentication vs. Access Control

Authentication: Identifies who a user is based on a login procedure. See TWiki User Authentication.

Access control: Restrict access to content based on users and groups once a user is identified.

Users and Groups

Access control is based on the familiar concept of Users and Groups. Users are defined by their Wiki Names. They can then be organized in unlimited combinations by inclusion in one or more user Groups. For convenience, Groups can also be included in other Groups.

Managing Users

A user can create an account in TWiki Registration. The following actions are performed:

The default visitor name is TWiki Guest. This is the non-authenticated user.

Managing Groups

The following describes the standard TWiki support for groups. Your local TWiki may have an alternate group mapping manager installed. Check with your TWiki administrator if you are in doubt.

Groups are defined by group topics located in the Main web. To create a new group, visit TWiki Groups and enter the name of the new group ending in Group into the "new group" form field. This will create a new group topic with two important settings:

The GROUP setting is a comma-separated list of users and/or other groups. Example:

The ALLOWTOPICCHANGE setting defines who is allowed to change the group topic; it is a comma delimited list of users and groups. You typically want to restrict that to the members of the group itself, so it should contain the name of the topic. This prevents users not in the group from editing the topic to give themselves or others access. For example, for the KasabianGroup topic write:

ALERT! Note: TWiki has strict formatting rules. Make sure you have three spaces, an asterisk, and an extra space in front of any access control rule.

The Super Admin Group

A number of TWiki functions (for example, renaming webs) are only available to administrators. Administrators are simply users who belong to the SuperAdminGroup. This is a standard user group, the name of which is defined by {SuperAdminGroup} setting in configure. The default name of this group is the TWikiAdminGroup. The system administrator may have chosen a different name for this group if your local TWiki uses an alternate group mapping manager but for simplicity we will use the default name TWikiAdminGroup in the rest of this topic.

You can create new administrators simply by adding them to the TWiki Admin Group topic. For example,

A member of the Super Admin Group has unrestricted access throughout the TWiki, so only trusted staff should be added to this group.

Restricting Access

You can define who is allowed to read or write to a web or a topic. Note that some plugins may not respect access permissions.

Note that there is an important distinction between CHANGE access and RENAME access. A user can CHANGE a topic, but thanks to version control their changes cannot be lost (the history of the topic before the change is recorded). However if a topic or web is renamed, that history may be lost. Typically a site will only give RENAME access to administrators and content owners.

Controlling access to a Web

You can define restrictions on who is allowed to view a TWiki web. You can restrict access to certain webs to selected Users and Groups, by:

If your site allows hierarchical webs, then access to sub-webs is determined from the access controls of the parent web, plus the access controls in the sub-web. So, if the parent web has ALLOWWEBVIEW set, this will also apply to the subweb. Also note that you will need to ensure that the parent web's FINALPREFERENCES does not include the access control settings listed above. Otherwise you will not be able override the parent web's access control settings in sub-webs.

Creation and renaming of sub-webs is controlled by the WEBCHANGE setting on the parent web (or ROOTCHANGE for root webs). Renaming is additionally restricted by the setting of WEBRENAME in the web itself.

Note: If you restrict access to the Main, make sure to add the TWikiRegistrationAgent so that users can register. Example:

Note: For Web level access rights Setting any of these settings to an empty value has the same effect as not setting them at all. Please note that the documentation of TWiki 4.0 and earlier versions of TWiki 4.1 did not reflect the actual implementation, e.g. an empty ALLOWWEBVIEW does not prevent anyone from viewing the web, and an an empty DENYWEBVIEW does not allow all to view the web.

Controlling access to a Topic

Remember when opening up access to specific topics within a restricted web that other topics in the web - for example, the Web Left Bar - may also be accessed when viewing the topics. The message you get when you are denied access should tell you what topic you were not permitted to access.

Be careful with empty values for any of these.

The same rules apply to ALLOWTOPICCHANGE/DENYTOPICCHANGE and APPLYTOPICRENAME/DENYTOPICRENAME. Setting ALLOWTOPICCHANGE or ALLOWTOPICRENAME to en empty value means the same as not defining it. Setting DENYTOPICCHANGE or DENYTOPICRENAME to an empty value means that anyone can edit or rename the topic.

ALERT! If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

ALERT! The setting to an empty has caused confusion and great debate and it has been decided that the empty setting syntax will be replaced by something which is easier to understand in a later version of TWiki. A method to upgrade will be provided. Please read the release notes carefully when you upgrade.

See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

Controlling access to Attachments

Attachments are referred to directly, and are not normally indirected via TWiki scripts. This means that the above instructions for access control will not apply to attachments. It is possible that someone may inadvertently publicise a URL that they expected to be access-controlled.

The easiest way to apply the same access control rules for attachments as apply to topics is to use the Apache mod_rewrite module, and configure your webserver to redirect accesses to attachments to the TWiki viewfile script. For example, 

    ScriptAlias /twiki/bin/ /filesystem/path/to/twiki/bin/
    Alias /twiki/pub/       /filesystem/path/to/twiki/pub/

    RewriteEngine on
    RewriteCond %{REQUEST_URI} !^/+twiki/+pub/+TWiki/+.+
    RewriteRule ^/+twiki/+pub/+([^/]+)/+((([^/]+)/+)+)(.+) /twiki/bin/viewfile/$1/$4?filename=$5 [L,PT]

That way all the controls that apply to the topic also apply to attachments to the topic. Other types of webserver have similar support.

Note: Images embedded in topics will load much slower since each image will be delivered by the viewfile script.

Controlling who can manage top-level webs

Top level webs are a special case, because they don't have a parent web with a Web Preferences. So there has to be a special control just for the root level.

Note that you do not require ROOTCHANGE access to rename an existing top-level web. You just need WEBCHANGE in the web itself.

How TWiki evaluates ALLOW/DENY settings

When deciding whether to grant access, TWiki evaluates the following rules in order (read from the top of the list; if the logic arrives at PERMITTED or DENIED that applies immediately and no more rules are applied). You need to read the rules bearing in mind that VIEW, CHANGE and RENAME access may be granted/denied separately.

  1. If the user is an administrator
    • access is PERMITTED.
  2. If DENYTOPIC is set to a list of wikinames
    • people in the list will be DENIED.
  3. If DENYTOPIC is set to empty ( i.e. Set DENYTOPIC = )
    • access is PERMITTED i.e no-one is denied access to this topic.
      ALERT! Attention: Use this with caution. This is deprecated and will likely change in the next release.
  4. If ALLOWTOPIC is set
    1. people in the list are PERMITTED
    2. everyone else is DENIED
  5. If DENYWEB is set to a list of wikinames
    • people in the list are DENIED access
  6. If ALLOWWEB is set to a list of wikinames
    • people in the list will be PERMITTED
    • everyone else will be DENIED
  7. If you got this far, access is PERMITTED

Access control and INCLUDE

ALLOWTOPICVIEW and ALLOWTOPICCHANGE only applies to the topic in which the settings are defined. If a topic A includes another topic B, topic A does not inherit the access rights of the included topic B.

Examples: Topic A includes topic B

Access Control quick recipes

Obfuscating Webs

Another way of hiding webs is to keep them hidden by not publishing the URL and by preventing the all webs search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL variable in Web Preferences:

This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.

ALERT! Note: Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.

Restrict Access to Whole TWiki Site

For a firewalled TWiki, e.g. an intranet wiki or extranet wiki, you want to allow only invited people to access your TWiki. In this case, enable user authentication with ApacheLogin and lock down access to the whole twiki/bin and twiki/pub directories to all but valid users. In the Apache .htaccess file or the appropriate .conf file, replace the <FilesMatch "(attach|edit|... section with this: 

<FilesMatch ".*">
       require valid-user
</FilesMatch>

If needed, you can further restrict access to selected webs with ALLOWWEBVIEW and other access control settings.

Note: With this configuration, someone with access to the site needs to register new users.

Authenticate all Webs and Restrict Selected Webs

Use the following setup to authenticate users for topic viewing in all webs and to restrict access to selected webs. Requires TWiki User Authentication to be enabled.

  1. Set require valid-user on your view script in .htaccess or the appropriate Apache .conf file. As of 4.x, this looks like: FilesMatch "(attach|edit|manage|rename|save|view|upload|mail|logon|.*auth).*" (normally view is not in that list).
  2. Restrict view access to selected Users and Groups. Set one or both of these variables in its Web Preferences topic:
    • Set DENYWEBVIEW = < list of Users and Groups >
    • Set ALLOWWEBVIEW = < list of Users and Groups >
    • Note: DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.
  3. If you still want public users to be able to register automatically follow TWiki:TWiki.RegisterOnViewRestrictedSite.

Authenticate and Restrict Selected Webs Only

Use the following setup to provide unrestricted viewing access to open webs, with authentication only on selected webs. Requires TWiki User Authentication to be enabled.

  1. Restrict view access to selected Users and Groups. Set one or both of these variables in its Web Preferences topic:
    • Set DENYWEBVIEW = < list of Users and Groups >
    • Set ALLOWWEBVIEW = < list of Users and Groups >
    • Note: DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Hide Control Settings

TIP Tip: To hide access control settings from normal browser viewing, you can put them into the topic preference settings by clicking the link Edit topic preference settings under More topic actions menu. Preferences set in this manner are not visible in the topic text, but take effect nevertheless. Access control settings added as topic preference settings are stored in the topic meta data and they override settings defined in the topic text.

Alternatively, place them in HTML comment markers, but this exposes the access setting during ordinary editing.

<!--
   * Set DENYTOPICCHANGE = Main.SomeGroup
-->

Back to top

TWiki Text Formatting

Working in TWiki is as easy as typing in text. You don't need to know HTML, though you can use it if you prefer. Links to topics are created automatically when you enter Wiki Words. And TWiki shorthand gives you all the power of HTML with a simple coding system that takes no time to learn. It's all laid out below.

TWiki Editing Shorthand

Formatting Command: You write: You get:
Paragraphs:
Blank lines will create new paragraphs. 
1st paragraph

2nd paragraph

1st paragraph

2nd paragraph

Headings:
Three or more dashes at the beginning of a line, followed by plus signs and the heading text. One plus creates a top level heading, two pluses a second level heading, etc. The maximum heading depth is 6.

You can create a table of contents with the %TOC% variable. If you want to exclude a heading from the TOC, put !! after the ---+.

ALERT! Empty headings are allowed, but won't appear in the table of contents. 

---++ Sushi
---+++ Maguro
---+++!! Not in TOC

Sushi

Maguro

Not in TOC
Bold Text:
Words get shown in bold by enclosing them in * asterisks. 
*Bold*

Bold

Italic Text:
Words get shown in italic by enclosing them in _ underscores. 
_Italic_

Italic

Bold Italic:
Words get shown in bold italic by enclosing them in __ double-underscores. 
__Bold italic__

Bold italic

Fixed Font:
Words get shown in fixed font by enclosing them in = equal signs. 
=Fixed font=

Fixed font

Bold Fixed Font:
Words get shown in bold fixed font by enclosing them in double equal signs. 
==Bold fixed==

Bold fixed

TIP You can follow the closing bold, italic, or other (* _ __ = ==) indicator with normal punctuation, such as commas and full stops.

ALERT! Make sure there is no space between the text and the indicators. 

_This works_,
_this does not _

This works,
_this does not _

Verbatim Text:
Surround code excerpts and other formatted text with <verbatim> and </verbatim> tags.
TIP verbatim tags disable HTML code. Use <pre> and </pre> tags instead if you want the HTML code within the tags to be interpreted.
ALERT! NOTE: Preferences variables (* Set NAME = value) are set within verbatim tags. 
<verbatim>
class CatAnimal {
  void purr() {
    <code here>
  }
}
</verbatim>

class CatAnimal {
  void purr() {
    <code here>
  }
}
Separator (Horizontal Rule):
Three or more three dashes at the beginning of a line.. 
-------

Bulleted List:
Multiple of three spaces, an asterisk, and another space.
HELP For all the list types, you can break a list item over several lines by indenting lines after the first one by at least 3 spaces. 
   * level 1
      * level 2
   * back on 1
   * A bullet
     broken over
     three lines
   * last bullet

  • level 1
    • level 2
  • back on 1
  • A bullet broken over three lines
  • last bullet
Numbered List:
Multiple of three spaces, a type character, a dot, and another space. Several types are available besides a number:
Type Generated Style Sample Sequence
1. Arabic numerals 1, 2, 3, 4...
A. Uppercase letters A, B, C, D...
a. Lowercase letters a, b, c, d...
I. Uppercase Roman Numerals I, II, III, IV...
i. Lowercase Roman Numerals i, ii, iii, iv... 
   1. Sushi
   1. Dim Sum
   1. Fondue

   A. Sushi
   A. Dim Sum
   A. Fondue

   i. Sushi
   i. Dim Sum
   i. Fondue

  1. Sushi
  2. Dim Sum
  3. Fondue

  1. Sushi
  2. Dim Sum
  3. Fondue

  1. Sushi
  2. Dim Sum
  3. Fondue
Definition List:
Three spaces, a dollar sign, the term, a colon, a space, followed by the definition.

Deprecated syntax: Three spaces, the term with no spaces, a colon, a space, followed by the definition. 

   $ Sushi: Japan
   $ Dim Sum: S.F.

Sushi
Japan
Dim Sum
S.F.
Table:
Each row of the table is a line containing of one or more cells. Each cell starts and ends with a vertical bar '|'. Any spaces at the beginning of a line are ignored.
  • | *bold* | header cell with text in asterisks
  • |   center-aligned   | cell with at least two, and equal number of spaces on either side
  • |      right-aligned | cell with more spaces on the left
  • | 2 colspan || and multi-span columns with multiple |'s right next to each other
  • |^| cell with caret indicating follow-up row of multi-span rows
  • You can split rows over multiple lines by putting a backslash '\' at the end of each line
  • Contents of table cells wrap automatically as determined by the browser
  • Use %VBAR% or &#124; to add | characters in tables.
  • Use %CARET% or &#94; to add ^ characters in tables.
TIP The Table Plugin provides the |^| multiple-span row functionality and additional rendering features 
| *L* | *C* | *R* |
| A2 |  B2  |  C2 |
| A3 |  B3  |  C3 |
| multi span |||
| A5-7 |  5  |  5 |
|^| six | six |
|^| seven | seven |
| split\
  | over\
  | 3 lines |
| A9 |  B9  |  C9 |

L C R
A2 B2 C2
A3 B3 C3
multi span
A5-7 5 5
six six
seven seven
split over 3 lines
A9 B9 C9
WikiWord Links:
CapitalizedWordsStuckTogether (or Wiki Words) will produce a link automatically if preceded by whitespace or parenthesis.
TIP If you want to link to a topic in a different web write Otherweb.TopicName.
To link to a topic in a subweb write Otherweb.Subweb.TopicName.
HELP The link label excludes the name of the web, e.g. only the topic name is shown. As an exception, the name of the web is shown for the WebHome topic.
ALERT! Dots '.' are used to separate webs and subwebs from topic names and therefore cannot be used in topic names.

It's generally a good idea to use the TWiki Variables %SYSTEMWEB% and %USERSWEB% instead of TWiki and Main. 

WebStatistics

Sandbox.WebNotify

Sandbox.WebHome

Sandbox.Subweb.TopicName

Web Statistics

Web Notify

Sandbox

TopicName

Anchors:
You can define a reference inside a TWiki topic (called an anchor name) and link to that. To define an anchor write #AnchorName at the beginning of a line. The anchor name must be a Wiki Word of no more than 32 characters. To link to an anchor name use the [[MyTopic#MyAnchor]] syntax. You can omit the topic name if you want to link within the same topic. 
[[WikiWord#NotThere]]

[[#MyAnchor][Jump]]

#MyAnchor To here

Wiki Word#Not There

Jump

To here

Forced Links:
You can create a forced internal link by enclosing words in double square brackets.
Text within the brackets may contain optional spaces; the topic name is formed by capitalizing the initial letter and by removing the spaces; for example, [[text formatting FAQ]] links to topic Text Formatting FAQ. You can also refer to a different web and use anchors.
TIP To "escape" double square brackets that would otherwise make a link, prefix the leading left square bracket with an exclamation point. 
[[wiki syntax]]

[[Main.TWiki groups]]

escaped:
![[wiki syntax]]

wiki syntax

Main.TWiki groups

escaped: [[wiki syntax]]

Specific Links:
You can create a link where you specify the link text and the URL separately using nested square brackets [[reference][text]]. Internal link references (e.g. Wiki Syntax) and URLs (e.g. http://TWiki.org/) are both supported. The rules described under Forced Links apply for internal link references.
TIP Anchor names can be added as well, to create a link to a specific place in a topic. 
[[WikiSyntax][wiki syntax]]

[[http://gnu.org][GNU]]

wiki syntax

GNU

Prevent a Link:
Prevent a Wiki Word from being linked by prepending it with an exclamation point. 
!SunOS
SunOS
Disable Links:
You can disable automatic linking of Wiki Words by surrounding text with <noautolink> and </noautolink> tags.
HELP It is possible to turn off all auto-linking with a NOAUTOLINK preferences setting. 
 <noautolink>
 RedHat & SuSE
 </noautolink>

RedHat & SuSE

Mailto Links:
E-mail addresses are linked automatically. To create e-mail links that have more descriptive link text, specify subject lines or message bodies, or omit the e-mail address, you can write [[mailto:user@domain][descriptive text]]. 
a@b.com

[[mailto:a@b.com]\
[Mail]]

[[mailto:?subject=\
Hi][Hi]]

a@b.com

Mail

Hi

Literal content:
TWiki generates HTML code from TWiki shorthand. Experts surround anything that must be output literally in the HTML code, without the application of TWiki shorthand rules, with <literal>..</literal> tags. ALERT! any HTML within literal tags must be well formed i.e. all tags must be properly closed before the end of the literal block. IDEA! TWiki Variables are expanded within literal blocks. 
<literal>
| Not | A | Table |
<literal>
| Not | A | Table |
Protected content:
Experts protect text from mangling by WYSIWYG editors using <sticky>..</sticky> tags. Sticky tags don't have any effect on normal topic display; they are only relevant when content has to be protected from a WYSIWYG editor (usually because it isn't well-formed HTML, or because it is HTML that WYSIWYG would normally filter out or modify). Protected content appears as plain text in the WYSIWYG editor. 		<sticky> 
<div>
This div is required
</div>
<sticky>
This div is required

Using HTML

You can use most HTML tags in TWiki topics without a problem. This is useful where you want to add some content that is formatted in a way that is not supported using TWiki shorthand, for example, you can write <strike>deleted text</strike> to get deleted text.

There are a few usability and technical considerations to keep in mind:

Recommendations when pasting HTML from other sources (using the plain-text editor):

When using a WYSIWYG editor, you can just copy-paste directly into the editor, and the content will be converted to TWiki shorthand automatically when you save.

Hyperlinks

Being able to create links without any special formatting is a core TWiki feature, made possible with Wiki Words and inline URLs.

Internal Links

External Links

TWiki Variables

TWiki Variables are names enclosed in percent signs that are that are expanded to some other text when the topic is displayed. For example, %TOPIC% is expanded to TWiki Variables Quick Start. Some variables can take arguments in curly braces - for example, %INCLUDE{"OtherTopic" ARG="arg"}%.

Many TWiki variables are built-in, and others are predefined for your convenience. You can also define your own TWiki Variables at the entire site, individual web, or individual topic level. For more information, go to TWiki Variables

TWiki Variables are fully expanded before any of the TWiki text formatting rules are applied.

Documentation Graphics: There are many graphics available to use in your topics. Use %ICON{"help"}%, %ICON{"tip"}%, and %ICON{"warning"}% to get: HELP, TIP, and ALERT!, respectively. TWiki Doc Graphics lists them all.

tip To "escape" a variable, prefix it with an exclamation mark. Write: !%SOMEVARIABLE% to get: %SOMEVARIABLE%.

TWikiPlugin Formatting Extensions

Plugins can extend the functionality of TWiki into many other areas. There are a huge number of TWiki plugins available from the Plugins web on TWiki.org.

Currently enabled plugins on this TWiki installation, as listed by %PLUGINDESCRIPTIONS%:

Check on current Plugin status and settings for this site in TWiki Preferences.

Common Editing Errors

TWiki formatting rules are fairly simple to use and quick to type. However, there are some things to watch out for, taken from the Text Formatting FAQ:

Back to top

TWiki Variables

Special text strings expand on the fly to display user data or system info

TWikiVariables are text strings - %VARIABLE% or %VARIABLE{ parameter="value" }% - that expand into content whenever a topic is rendered for viewing. There are two types of variables:

  1. Preferences variables: Can be defined and changed by the user
  2. Predefined variables: Defined by the TWiki system or by Plugins (for example, the Spread Sheet Plugin introduces a %CALC{}% variable)

Using Variables

To use a variable type its name. For example,

Note:

Variable Names

Variable names must start with a letter. The following characters can be letters, numbers and the underscore '_'. You can use both upper-case and lower-case letters and you can mix the characteres. E.g. %MYVAR%, %MyVar%, %My2ndVar%, and %My_Var% are all valid variable names. Variables are case sensitive. %MyVAR% and %MYVAR% are not the same variable.

By convention all settings, predefined variables and variables used by plugins are always UPPER-CASE.

Preferences Variables

Unlike predefined variables, preferences variables can be defined by the user in various places.

Setting Preferences Variables

You can set variables in all the following places:
  1. local site level in TWiki.TWikiPreferences
  2. plugin topics (see TWiki Plugins)
  3. local site level in Main.TWikiPreferences
  4. user level in individual user topics in Main web
  5. web level in Web Preferences of each web
  6. topic level in topics in webs
  7. session variables (if sessions are enabled)

Settings at higher-numbered levels override settings of the same variable at lower numbered levels, unless the variable was included in the setting of FINALPREFERENCES at a lower-numbered level, in which case it is locked at the value it has at that level.

If you are setting a variable and using it in the same topic, note that TWiki reads all the variable settings from the saved version of the topic before it displays anything. This means you can use a variable anywhere in the topic, even if you set it somewhere inconspicuous near the end. But beware: it also means that if you change the setting of a variable you are using in the same topic, Preview will show the wrong thing, and you must Save the topic to see it correctly.

The syntax for setting Variables is the same anywhere in TWiki (on its own TWiki bullet line, including nested bullets):
[multiple of 3 spaces] * [space] Set [space] VARIABLENAME [space] = [space] value

Examples:
  • Set VARIABLENAME = value
    • Set VARIABLENAME = value
Spaces between the = sign and the value will be ignored. You can split a value over several lines by indenting following lines with spaces - as long as you don't try to use * as the first character on the following line.
Example: 
   * Set VARIABLENAME = value starts here
     and continues here

Whatever you include in your Variable will be expanded on display, exactly as if it had been entered directly.

Example: Create a custom logo variable
  • To place a logo anywhere in a web by typing %MYLOGO%, define the Variable on the web's Web Preferences topic, and upload a logo file, ex: mylogo.gif. You can upload by attaching the file to Web Preferences, or, to avoid clutter, to any other topic in the same web, e.g. LogoTopic. Sample variable setting in Web Preferences:
    • Set MYLOGO = %PUBURL%/%WEB%/LogoTopic/mylogo.gif

You can also set preferences variables on a topic by clicking the link Edit topic preference settings under More topic actions. Preferences set in this manner are not visible in the topic text, but take effect nevertheless.

Access Control Variables

These are special types of preferences variables to control access to content. TWiki Access Control explains these security settings in detail.

Local values for variables

Certain topics (a users home topic, web site and default preferences topics) have a problem; variables defined in those topics can have two meanings. For example, consider a user topic. A user may want to use a double-height edit box when they are editing their home topic - but only when editing their home topic. The rest of the time, they want to have a normal edit box. This separation is achieved using Local in place of Set in the variable definition. For example, if the user sets the following in their home topic: 
   * Set EDITBOXHEIGHT = 10
   * Local EDITBOXHEIGHT = 20
Then when they are editing any other topic, they will get a 10 high edit box. However when they are editing their home topic, they will get a 20 high edit box. Local can be used wherever a preference needs to take a different value depending on where the current operation is being performed.

Use this powerful feature with great care! %ALLVARIABLES% can be used to get a listing of the values of all variables in their evaluation order, so you can see variable scope if you get confused.

Frequently Used Preferences Variables

The following preferences variables are frequently used. They are defined in TWiki Preferences#Miscellaneous Settings:

There are additional useful preferences variables defined in TWiki Preferences, in Main.TWiki Preferences, and in Web Preferences of every web.

Predefined Variables

Most predefined variables return values that were either set in the configuration when TWiki was installed, or taken from server info (such as current username, or date and time). Some, like %SEARCH%, are powerful and general tools.

This version of TWiki - TWiki-4.2.3, Wed, 06 Aug 2008, build 17396 - predefines the following variables:

ACTIVATEDPLUGINS -- list of currently activated plugins

ALLVARIABLES -- list of currently defined TWikiVariables

AQUA -- start aqua colored text

ATTACHURL -- full URL for attachments in the current topic

ATTACHURLPATH -- path of the attachment URL of the current topic

AUTHREALM -- authentication realm

BASETOPIC -- base topic where an INCLUDE started

BASEWEB -- base web where an INCLUDE started

BB -- bullet with line break

BB2 -- level 2 bullet with line break

BB3 -- level 3 bullet with line break

BB4 -- level 4 bullet with line break

BLACK -- start black colored text

BLUE -- start blue colored text

BR -- line break

BROWN -- start brown colored text

BULLET -- bullet character

CALC{"formula"} -- add spreadsheet calculations to tables and outside tables

CARET -- caret symbol

COMMENT{ attributes } -- insert an edit box into the topic to easily add comments.

DATE -- signature format date

DISPLAYTIME -- display date and time

DISPLAYTIME{"format"} -- formatted display time

EDITACTION -- Selects an edit template

EDITTABLE{ attributes } -- edit TWiki tables using edit fields and other input fields

ENCODE{"string"} -- encodes a string to HTML entities

ENDCOLOR -- end colored text

ENDSECTION{"name"} -- marks the end of a named section within a topic

ENV{"varname"} -- inspect the value of an environment variable

FAILEDPLUGINS -- debugging for plugins that failed to load, and handler list

FORMFIELD{"fieldname"} -- renders a field in the form attached to some topic

GMTIME -- GM time

GMTIME{"format"} -- formatted GM time

GRAY -- start gray colored text

GREEN -- start green colored text

GROUPS -- a formatted list of groups

H -- help icon

HOMETOPIC -- home topic in each web

HTTP -- get HTTP headers

HTTP_HOST -- environment variable

HTTPS -- get HTTPS headers

I -- idea icon

ICON{"name"} -- small documentation graphic or icon of common attachment types

ICONURL{"name"} -- URL of small documentation graphic or icon

ICONURLPATH{"name"} -- URL path of small documentation graphic or icon

IF{"condition" ...} -- simple conditionals

INCLUDE{"page"} -- include other topic or web page

INCLUDINGTOPIC -- name of topic that includes current topic

INCLUDINGWEB -- web that includes current topic

LANGUAGE -- current user's language

LANGUAGES -- list available TWiki languages

LIME -- start lime colored text

LOCALSITEPREFS -- web.topicname of site preferences topic

LOGIN -- present a full login link

LOGOUT -- present a full logout link

M -- moved to... icon

MAINWEB -- synonym for USERSWEB

MAKETEXT -- creates text using TWiki's I18N infrastructure

MAROON -- start maroon colored text

META -- displays meta-data

METASEARCH -- special search of meta data

N -- "new" icon

NAVY -- start navy blue colored text

NOP -- template text not to be expanded in instantiated topics

NOTIFYTOPIC -- name of the notify topic

OLIVE -- start olive green colored text

ORANGE -- start orange colored text

P -- pencil icon

PINK -- start pink colored text

PLUGINDESCRIPTIONS -- list of plugin descriptions

PLUGINVERSION -- the version of a TWiki Plugin, or the TWiki Plugins API

PUBURL -- the base URL of attachments

PUBURLPATH -- the base URL path of attachments

PURPLE -- start purple colored text

Q -- question icon

QUERYPARAMS -- show paramaters to the query

Sequence: Expands To:
$name Name of the parameter
$value String value of the parameter. Multi-valued parameters will have a "row" for each value.
$n or $n() New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar
$nop or $nop() Is a "no operation". This variable gets removed; useful for nested search
$quot Double quote (") (\" also works)
$percnt Percent sign (%)
$dollar Dollar sign ($)

QUERYSTRING -- full, unprocessed string of parameters to this URL

RED -- start red colored text

REMOTE_ADDR -- environment variable

REMOTE_PORT -- environment variable

REMOTE_USER -- environment variable

RENDERLIST -- render bullet lists in a variety of formats

REVINFO -- revision information of current topic

REVINFO{"format"} -- formatted revision information of topic

S -- red star icon

SCRIPTNAME -- name of current script

SCRIPTSUFFIX -- script suffix

SCRIPTURL -- base URL of TWiki scripts

SCRIPTURL{"script"} -- URL of TWiki script

SCRIPTURLPATH -- base URL path of TWiki scripts

SCRIPTURLPATH{"script"} -- URL path of TWiki script

SEARCH{"text"} -- search content

SERVERTIME -- server time

SERVERTIME{"format"} -- formatted server time

SESSIONID -- unique ID for this session

SESSIONVAR -- name of CGI and session variable that stores the session ID

SESSION_VARIABLE -- get, set or clear a session variable

SILVER -- start silver colored text

SLIDESHOWEND -- end slideshow

SLIDESHOWSTART -- convert a topic with headings into a slideshow

SPACEDTOPIC -- topic name, spaced and URL-encoded deprecated

SPACEOUT{"string"} -- renders string with spaces inserted in sensible places

STARTINCLUDE -- start position of topic text if included

STARTSECTION -- marks the start of a section within a topic

STATISTICSTOPIC -- name of statistics topic

STOPINCLUDE -- end position of topic text if included

SYSTEMWEB -- name of TWiki documentation web

T -- tip icon

TABLE{ attributes } -- control attributes of tables and sorting of table columns

TEAL -- start teal colored text

TOC -- table of contents of current topic

TOC{"Topic"} -- table of contents

TOPIC -- name of current topic

TOPICLIST{"format"} -- topic index of a web

TOPICURL -- shortcut to viewing the current topic

TWIKIWEB -- synonym for SYSTEMWEB

U -- "updated" icon

URLPARAM{"name"} -- get value of a URL parameter

USERINFO{"name"} -- retrieve details about a user

USERNAME -- your login username

USERSWEB -- name of users web

VAR{"NAME" web="Web"} -- get a preference value from another web

VBAR -- vertical bar

WEB -- name of current web

WEBLIST{"format"} -- index of all webs

WEBPREFSTOPIC -- name of web preferences topic

WHITE -- start white colored text

WIKIHOMEURL -- site home URL

WIKINAME -- your Wiki username

WIKIPREFSTOPIC -- name of site-wide preferences topic

WIKITOOLNAME -- name of your TWiki site

WIKIUSERNAME -- your Wiki username with web prefix

WIKIUSERSTOPIC -- name of topic listing all registers users

WIKIVERSION -- the version of the installed TWiki engine

X -- warning icon

Y -- "yes" icon

YELLOW -- start yellow colored text

Back to top

TWiki Formatted Search

Inline search feature allows flexible formatting of search result

The default output format of a %SEARCH{...}% is a table consisting of topic names and topic summaries. Use the format="..." parameter to customize the search result. The format parameter typically defines a bullet or a table row containing variables, such as %SEARCH{ "food" format="| $topic | $summary |" }%. See %SEARCH{...}% for other search parameters, such as separator="".

Syntax

Two parameters can be used to specify a customized search result:

1. header="..." parameter

Use the header parameter to specify the header of a search result. It should correspond to the format of the format parameter. This parameter is optional.
Example: header="| *Topic:* | *Summary:* |"

Variables that can be used in the header string:

Name: Expands To:
$web Name of the web
$n or $n() New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar
$nop or $nop() Is a "no operation". This variable gets removed; useful for nested search
$quot Double quote (") (\" also works)
$percnt Percent sign (%)
$dollar Dollar sign ($)

2. format="..." parameter

Use the format parameter to specify the format of one search hit.
Example: format="| $topic | $summary |"

Variables that can be used in the format string:

Name: Expands To:
$web Name of the web
$topic Topic name
$topic(20) Topic name, "- " hyphenated each 20 characters
$topic(30, -<br />) Topic name, hyphenated each 30 characters with separator "-<br />"
$topic(40, ...) Topic name, shortended to 40 characters with "..." indication
$parent Name of parent topic; empty if not set
$parent(20) Name of parent topic, same hyphenation/shortening like $topic()
$text Formatted topic text. In case of a multiple="on" search, it is the line found for each search hit.
$locked LOCKED flag (if any)
$date Time stamp of last topic update, e.g. 29 Jul 2010 - 15:00
$isodate Time stamp of last topic update, e.g. 2010-07-29T15:00Z
$rev Number of last topic revision, e.g. 4
$username Login name of last topic update, e.g. jsmith
$wikiname Wiki user name of last topic update, e.g. JohnSmith
$wikiusername Wiki user name of last topic update, like Main.JohnSmith
$createdate Time stamp of topic revision 1
$createusername Login name of topic revision 1, e.g. jsmith
$createwikiname Wiki user name of topic revision 1, e.g. JohnSmith
$createwikiusername Wiki user name of topic revision 1, e.g. Main.JohnSmith
$summary Topic summary, just the plain text, all formatting and line breaks removed; up to 162 characters
$summary(50) Topic summary, up to 50 characters shown
$summary(showvarnames) Topic summary, with %ALLTWIKI{...}% variables shown as ALLTWIKI{...}
$summary(noheader) Topic summary, with leading ---+ headers removed
Note: The tokens can be combined, for example $summary(100, showvarnames, noheader)
$changes Summary of changes between latest rev and previous rev
$changes(n) Summary of changes between latest rev and rev n
$formname The name of the form attached to the topic; empty if none
$formfield(name) The field value of a form field; for example, $formfield(TopicClassification) would get expand