[Pmwiki-users] calculating directives ?
Patrick R. Michaud
pmichaud
Sun Jun 20 09:05:33 CDT 2004
On Wed, Jun 16, 2004 at 10:09:41PM +0200, Knut Alboldt wrote:
> I like PmWiki as a allround publishing tool. I even experiment at my
> "home"-wiki to use it to hold addresses and writing letters :-)
>
> I thought of writing a cookbook-recipe to implement pmwiki-directives to do
> inline calculations e.g.
>
> I thought of evaluating php-functions for the expressions and assignments
> maybe added by some user-written php-functions
Keep in mind that evaluating arbitrary php functions using eval()
is a Very Bad Thing if you're allowing other authors to edit pages.
For example, you probably don't want to let someone eval a string like
0+3*system('rm -rf wiki.d')
Continuing on, "user-written php functions" (where "user" means "author")
is likely a Very Very Bad Idea -- you're basically giving authors
the ability to execute arbitrary scripts on your server.
Pm
More information about the pmwiki-users
mailing list