[pmwiki-users] including the contents of a php file on a wiki page

[Hans]

Tuesday, December 4, 2007, 6:25:59 PM, Peter & Melodye Bowers wrote:

> Again, I'm interested both in the security ramifications as well as any
> thoughts how to get non-eval'd source included onto a page...

Here is a markup and function for showing file content without
evaluation. No attempt is made to ask for any read authorisation.
You could show any file on your system.

Markup('showsource', 'directives', "/\\(:showsource\\s?(.*?)\\s*?:\\)/e",
                                        "ShowSource(PSS('$1'))");

function ShowSource($filename) {
        $text = htmlspecialchars(file_get_contents($filename));
        return "<pre class='escaped'>".Keep($text)."</pre>";
}


  ~Hans