[pmwiki-users] ZAP nearly ready...
Patrick R. Michaud
pmichaud at pobox.com
Sun Oct 22 13:30:31 CDT 2006
On Sun, Oct 22, 2006 at 01:27:52PM -0400, The Editor wrote:
> After several weeks of intensive work and a good number of
> breakthroughs, ZAP is nearing its official release. A stripped down
> "lite" version will also be available. A couple quick questions
> though...
>
> 1) If I'm using PageUpdate for all file changes, do I need to worry
> about using htmlspecialchars? My assumption is PmWiki takes care of
> all that for me.

That would be an incorrect assumption. PmWiki's built-in markups
are okay, but if ZAP adds any markups that produce output from
user-contributed source data, ZAP needs to be handling htmlspecialchars.

> 2) I have these lines in my code, yet I'm still getting slashes. Any
> suggestions?
>
> foreach ($_POST as $field => $value) {
>     if (get_magic_quotes_gpc()) $_POST[$field] = stripslashes($value);
> }

I have no idea here. Are the slashes showing up in the data file
or in the output from the markup?

> 3) I'd like to start adding some VERY simple calculating capabilities
> in ZAP, and was wondering if there was a way to take a post value like
> "+ 7" in a form and execute something like $x = $x + 7; in the
> recipe. Some way to execute php commands contained in a string.

There's the PHP eval() function, but it's _very_ dangerous.

Pm
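
An added example, not part of the original message and not ZAP or PmWiki code: one way to apply a posted value like "+ 7" without eval(), and to escape user-contributed data with htmlspecialchars before it reaches the output. The function names apply_posted_op and render_field and the sample inputs are hypothetical.

```php
<?php
// Added example; apply_posted_op() and render_field() are hypothetical names.

/**
 * Apply a posted operation such as "+ 7" to $x without eval().
 * Only one operator from a fixed set and one numeric literal are accepted;
 * anything else is rejected, so posted text is never executed as PHP.
 */
function apply_posted_op($x, string $op)
{
    if (!preg_match('/^\s*([-+*\/])\s*(\d+(?:\.\d+)?)\s*$/', $op, $m)) {
        return null;                       // not "<operator> <number>": refuse
    }
    $n = $m[2] + 0;                        // numeric string -> int or float
    switch ($m[1]) {
        case '+': return $x + $n;
        case '-': return $x - $n;
        case '*': return $x * $n;
        case '/': return $n == 0 ? null : $x / $n;   // refuse division by zero
    }
    return null;
}

/** Escape user-contributed text before it is placed in HTML output. */
function render_field(string $label, $value): string
{
    return '<span class="calc">'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . ': '
         . htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8')
         . '</span>';
}

// Constructed sample inputs standing in for $_POST values.
$samples = ['+ 7', '* 2.5', '/ 0', '+ 7; echo 1', '+ <b>7</b>'];
$x = 10;
foreach ($samples as $op) {
    $result = apply_posted_op($x, $op);
    echo render_field($op, $result === null ? 'rejected' : $result), "\n";
}
```

Inputs that are not exactly one operator followed by one number come back as null, and the markup in the last sample is emitted as escaped text rather than as HTML.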