Edit This Link Movable Type cgi-bin Madness

Recently I decided to add some front end editing tags for MT, so that authors on the MT installs I maintain can just click on a link and be taken to the edit screen within Movable Type. This is very convenient, and a big time saver if you end up doing any revisions to your entries. I also want to add edit/delete/de-spam links to comments.

It’s really easy to add the links. It’s a little harder to get the links to show up only for your users. There are a number of solutions proposed, but I was leaning towards using the cookies placed by MT for a quick and dirty validation.

I spent a great deal of time running around in circles trying to get this to work on this page yesterday, until I finally realized that MT was putting a path variable into the cookie that was keeping it from working on my install. Basically, because my install resides in my cgi-bin folder, the default cookie won’t work for the whole domain, only things residing in or under /cgi-bin. That’s a bummer.

So I decided to go and figure out where MT was creating the cookie, and change the path. But first, a trip to Google. All hail google. Someone beat me to it. Flexistentialist.org did the heavy lifting for me and made it pretty much exactly the way I want it. Basically you have to change one of MT libraries called App.pm.

He’s going so far as to match entry authors with their cookies so that the edit tag only shows up on their own posts. That’s not how I’m doing mine. I’m simply giving you the link if you’re in my authors list. Considering you still have to authenticate against MT’s system to make changes, this is as secure as I need it to be.

While his example doesn’t include comment edit links, the same principal applies. If you have a valid user cookie from my domain, you get links offering editing and despamming (with the MT-Blacklist plugin). In case you’re wondering the comment link syntax is:

<$MTCGIPath$>mt.cgi?__mode=view&_type=comment&id=<$MTCommentID$>&blog_id=<$MTBlogID$>

And the MT-Blacklist link code goes like this:

<$MTCGIPath$>mt-blacklist.cgi?__mode=despam&_type=comment&id=<$MTCommentID$>

Put these links in any of your templates that have comments, and you’ve in the money. Now, keep in mind if you want to hide these links using the code from flexistentialist, you’re going to have to be using PHP. But MT doesn’t use PHP for it’s normal comments template. It just uses mt-comments.cgi and an entry id. So how do we hide the links here?

Personally, I don’t think anyone should use mt-comments for viewing comments, they should instead just link to the permalink, calling the comments anchor. This also prevents spammers from harvesting your mt-comments. You can find instructions for how to do this here.

Your other option is simply to pass the mt-comments.cgi results through PHP which involves a lot of work, and I do not recommend it.

Another cool idea is to make an RSS feed for comments on your own blog that includes these edit/despam links. Only your authors would have access to the feed (named and placed somewhere non-obvious).

update: I’m doing this now. It’s so choice. If you have the means, I highly recommend implementing it.