[pmwiki-users] adding cookbook script
Patrick R. Michaud
pmichaud at pobox.com
Sun Feb 24 07:32:13 CST 2008
On Sun, Feb 24, 2008 at 07:19:48AM +0000, imoc wrote:
> > some thing with a cookbook list, with check boxes
> >
> > when installing several cookbooks, the process is quite cumbersome and
> > annoying, and a such script should be quite simple (however I'm not
> > able do do it myself)
>
> I'd like to second this. The recipe installation is by now very
> programmer-style, adding a include line, setting some config variables,
> writing some php in a new file...It's all not difficult but not user
> friendly for non-programmer admins.
The problem with using a web-based interface to install cookbook
recipes automatically is that it requires write permission to
the cookbook/ directory. That's a security risk we haven't
wanted to take yet.
This is especially an issue since basically anyone can upload
recipes to the Cookbook.
A similar argument goes for storing parts of config.php into
a wiki page -- it means that someone who is able to modify
those pages somehow can start executing arbitrary scripts
on the server. There may be cases where this would be
okay, but in the general case I think it's too big a
security risk for the core.
Pm
More information about the pmwiki-users
mailing list