[pmwiki-users] including the contents of a php file on a wiki page
Peter & Melodye Bowers
pbowers at pobox.com
Tue Dec 4 11:08:36 CST 2007
Sent this out several days ago - did anybody have any ideas? Is it just my
configuration that's making life difficult or is this a problem elsewhere?
-Peter
_____
From: Peter & Melodye Bowers [mailto:pbowers at pobox.com]
Sent: Wednesday, November 28, 2007 10:44 PM
To: pmwiki-users at pmichaud.com
Cc: SentN (sentn at ccl-al.org); Peter Gmail Bowers (plbowers at gmail.com)
Subject: including a php file
I've been thinking that it would be very helpful for pmwiki authors if it
was possible to see the customizations that lay behind a certain page, so I
could see not only the wiki text but also the PHP code that lays behind it.
For instance, while I was trying to figure out how to do forms with a GET
method it would have been very nice to see someone else's underlying php
which enabled it. However, I'm having difficulty implementing the
capability of displaying PHP code on a wiki page - it seems that any PHP
code always gets eval'd rather than being displayed verbatim.
I've tried several permutations off of the (:includeurl .:) code. But first
I altered it to includeMYurl and hardcoded the filename to help with
security.
2 questions:
(1) Would (:includemyurl:) with a hardcoded php filename (or perhaps not
hardcoded but only showing the relevant customizing script) still be a
security risk?
(2) What do I need to do to include the file as text rather than having it
be eval'd?
You can take a look at
http://www.ccl-al.org/pmwiki/pmwiki.php?n=Test.IncludeMyURL to see 10 of the
various attempts I've made. As best I can make out both file() and
file_get_contents() evaluate php code if it comes from a *.php file rather
than just reading the contents (i.e., source code) of said file. Does that
sound right?! If I rename the *.php file to *.txt then it all works fine.
Anybody have any ideas?
-Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071204/2123f9d4/attachment.html
More information about the pmwiki-users
mailing list