[pmwiki-users] Include PHP Script in Page Markup
Clemens Gruber
cgruber at uni-osnabrueck.de
Thu Aug 10 04:25:16 CDT 2006
Thomas -Balu- Walter wrote:
>On Wed, Aug 09, 2006 at 09:58:22PM +0200, Clemens Gruber wrote:
>
>
>>Is there a markup like
>>(:includephp special-mailform.php:)
>>
>>to embed a PHP sciipt in a PmWiki page. In the most cases this shouldn't
>>be a security risk - even if in an open wiki - when to user is not able
>>to load a own script to the server. Can anybody help me?
>>
>>
>
>It might get one though. PHP allows to include files from other
>webservers using include('http://...'). So you'd have to do some sanity
>checks to make sure it's only a filename and that it might be loaded
>only from a special directory?
>
Hi Balu,
thats not the problem. The PHP scirpt is on the same server. And you can
disable the including form other Server in the Apache config. The
problem is the markup code for something like
(:includephp script.php:)
Clemens
More information about the pmwiki-users
mailing list