[pmwiki-users] How to embed php code
Lucian Wischik
lu.gmane at wischik.com
Wed Dec 13 15:49:29 CST 2006
Patrick R. Michaud <pmichaud <at> pobox.com> writes:
> First, I have to point out that enabling inline PHP in markup is
> REALLY DANGEROUS.
> Still, if you want inline PHP and are willing to take the risks, the
> code below will add a <?php ... ?> markup
I used the following precaution to disable anyone using (:html:) unless they
had admin privileges. Maybe you could adapt it for your php markup as well.
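
    // Put the hook at the front of the edit-function chain.
    array_unshift($EditFunctions, 'MaybeDisableEmbedhtml');
    function MaybeDisableEmbedhtml($pagename, &$page, &$new)
    { global $ROSPatterns;  // without this the assignments below only set a local variable
      if (!CondAuth($pagename, "admin"))
      { // Non-admins: rewrite the directives into inert text when the page is saved.
        $ROSPatterns["/\\(:html:\\)/i"] = "[:html:]";
        $ROSPatterns["/\\(:htmlend:\\)/i"] = "[:htmlend:]";
      }
    }
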
Note: this code seems to work, but I haven't done a serious security audit on it.

Clarification: I didn't disable *the people* using (:html:)! That'd be
cruel. I only disabled their use of it...
--
Lucian
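
A stand-alone check of the replace-on-save patterns from the message above, run outside PmWiki. This is an added example, not code from the post or from PmWiki: apply_ros(), non_admin_patterns() and save_text() are hypothetical helpers, the PHP-tag pattern is an assumed adaptation, and the sample submissions are constructed.

```php
<?php
// Hypothetical stand-in for the replace-on-save step: apply each
// pattern => replacement pair to the submitted page text.
function apply_ros(array $patterns, string $text): string {
    foreach ($patterns as $pattern => $replacement) {
        $text = preg_replace($pattern, $replacement, $text);
    }
    return $text;
}

// The two patterns from the post, plus an assumed third one adapting
// the idea to the inline PHP-tag markup (not from the post).
function non_admin_patterns(): array {
    return [
        "/\\(:html:\\)/i"    => "[:html:]",
        "/\\(:htmlend:\\)/i" => "[:htmlend:]",
        "/<\\?php/i"         => "[?php",   // assumption
    ];
}

// Admin submissions pass through; everyone else gets the rewrite.
function save_text(string $text, bool $isAdmin): string {
    return $isAdmin ? $text : apply_ros(non_admin_patterns(), $text);
}

// Constructed sample submissions.
$samples = [
    "(:html:)<b>bold</b>(:htmlend:)",   // exact directive
    "(:HTML:)<i>x</i>(:HtmlEnd:)",      // case variants, caught by /i
    "(: html :)<i>x</i>",               // spacing variant, NOT matched
    "<?PHP echo 1; ?>",                 // opening tag, caught by assumed pattern
];

foreach ($samples as $s) {
    printf("%-34s non-admin => %s\n", $s, save_text($s, false));
    printf("%-34s admin     => %s\n", $s, save_text($s, true));
}
```

Any spelling that passes through unchanged for a non-admin, such as the spacing variant here, should be compared against the regular expression of the markup rule itself; if the rule accepts that spelling, the save-time filter needs a matching pattern.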