[pmwiki-users] Include PHP Script in Page Markup
Thomas -Balu- Walter
list+pmwiki-users at b-a-l-u.de
Thu Aug 10 03:31:32 CDT 2006
On Wed, Aug 09, 2006 at 09:58:22PM +0200, Clemens Gruber wrote:
> Is there a markup like
> (:includephp special-mailform.php:)
>
> to embed a PHP sciipt in a PmWiki page. In the most cases this shouldn't
> be a security risk - even if in an open wiki - when to user is not able
> to load a own script to the server. Can anybody help me?
It might get one though. PHP allows to include files from other
webservers using include('http://...'). So you'd have to do some sanity
checks to make sure it's only a filename and that it might be loaded
only from a special directory?
Balu
More information about the pmwiki-users
mailing list