[pmwiki-users] PmWiki 2.1.15 released

Patrick R. Michaud pmichaud at pobox.com
Fri Aug 25 15:33:10 CDT 2006


On Fri, Aug 25, 2006 at 03:25:42PM -0500, Ben Wilson wrote:
> Even though I set $LocalDir before I call Pmwiki.php, it gets reset by
> the explicit setting on Pmwiki.php:49. Thus, when Pmwiki goes looking
> for $LocalDir/config.php, it still only looks for local/config.php. By
> the time it gets around to calling $LocalDir/config.php and looks in
> the wrong place, it's too late.
> 
> Perhaps SDV($LocalDir, "local") would be more appropriate?

It's really intended to be set in the farmconfig.php file.
You can certainly set it there, even if not running multiple
wikis in the "farm".

As a general design principle, I'm not too keen about having PmWiki
accept variable settings that come from outside of the PmWiki
framework (i.e., variables that are set before PmWiki is ever 
executed).  It just seems like too fertile a ground for all sorts 
of security issues.

(In fact, a year or so ago I received a vulnerability report from
one of the security tracking organizations that existed because
of PmWiki's use of SDV() in the preamble section.)

Pm




More information about the pmwiki-users mailing list