[pmwiki-users] How to embed php code

Lucian Wischik lu.gmane at wischik.com
Wed Dec 13 15:49:29 CST 2006


Patrick R. Michaud <pmichaud <at> pobox.com> writes:
> First, I have to point out that enabling inline PHP in markup is
> REALLY DANGEROUS.
> Still, if you want inline PHP and are willing to take the risks, the 
> code below will add a <?php ... ?> markup

I used the following precaution to disable anyone using (:html:) unless they
had admin privileges. Maybe you could adapt it for your php markup as well.

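# Run ahead of the other edit functions, including ReplaceOnSave, which applies $ROSPatterns
array_unshift($EditFunctions, 'MaybeDisableEmbedhtml');
function MaybeDisableEmbedhtml($pagename, &$page, &$new)
{ global $ROSPatterns;  # without this, the assignments below only set a local array
  # For non-admins, rewrite the directives on save so they are stored inert
  if (!CondAuth($pagename, "admin"))
  { $ROSPatterns["/\\(:html:\\)/i"] = "[:html:]";
    $ROSPatterns["/\\(:htmlend:\\)/i"] = "[:htmlend:]";
  }
}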

Note: this code seems to work! but I haven't done a serious security audit on it.



clarification: I didn't disable *the people* using (:html:)! That'd be
cruel. I only disabled their use of it...

-- 
Lucian