[pmwiki-users] cookbooks and security
5ko at 5ko.fr
Tue Jun 9 02:27:56 CDT 2015

I haven't used or reviewed the mentioned recipes. You could check for
any error reports on the *-Talk pages and check how many people use them
at the *-Users pages. Note that Users pages were added in 2009 and not
all recipes have people who added themselves to the Users pages.

I suspect a recipe with larger talk/users pages, and with more releases,
has received more reviews/reports, has been used by more people and
many bugs have been noticed and hopefully fixed. On the other hand, such
recipes tend to be more complex, and it is more difficult to notice bugs
in such recipes.

That said, I invite the readers of the list to participate in the wiki,
to add themselves to the Users pages, to post comments or questions or
ideas for improvements on the Talk pages, so that we know how our
recipes are used. For example, if I release a recipe and nobody comments
on it and the Users page is empty, I assume nobody uses it and I can either
stop working on it, or change it substantially without caring about
backwards compatibility (as no one used it).

There are three major changes in recent PHP releases that may break an

One is with the function htmlspecialchars() which may return an empty
string since PHP 5.4, so I added the safe replacement function PHSC()
and recipes should switch to it.

Second is the function crypt() which raises warnings since PHP 5.6 when
used without a salt parameter, so I added a safe replacement function
pmcrypt() and recipes should switch to it.

Third, and most complex, is the deprecation of the preg_replace()
function with an /e flag since PHP 5.5, which has required me to make a
number of additional functions which the recipes could use. For a recipe
to work with PHP 5.5, one may have to change a number of places:
Markup() definitions, $*Patterns definitions and processing, any
preg_replace() call need to be reviewed.

It is great if the author or maintainer of the recipe is active,
otherwise we can help (as long as the software license permits

On 2015-06-07 20:14, jdd wrote:
> On the cookbook page, I notice many cookbooks are old. I was recently
> looking at "columns" cook books (there are two of them), and the two
> are pretty old.
> Is it still possible to use them without problem?
> The column problem is not important (for me), it's just an example, I
> don't have the knowledge to test the cookbook security (I can test if
> they work).
> Am I too fearful? Is there really a risk?
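
Added example, not part of either message above and not PmWiki code: a small Python scanner that flags, line by line, the three PHP changes the reply lists (preg_replace() /e patterns in Markup(), $*Patterns or preg_replace() lines, crypt() without a salt, and plain htmlspecialchars() calls) so an old recipe can be triaged before it is installed. The checks are regular-expression heuristics, and the names `scan_recipe`, `CHECKS` and `SAMPLE_RECIPE` are hypothetical; the sample recipe is constructed.

```python
import re

# PCRE modifier letters accepted by PHP, without "e" (the deprecated eval flag).
_MODS = "imsxADSUXJu"

# (check id, heuristic pattern, note). Heuristics only: a hit means "review this line".
CHECKS = [
    ("preg-e-flag",
     re.compile(r"(preg_replace\s*\(|Markup\s*\(|Patterns\b).*"
                r"[/#~!@%|][" + _MODS + r"]*e[" + _MODS + r"]*['\"]"),
     "pattern uses the /e modifier, deprecated since PHP 5.5"),
    ("crypt-no-salt",
     re.compile(r"(?<![\w>:$])crypt\s*\(\s*[^,()]+\)"),
     "crypt() without a salt warns since PHP 5.6; the reply suggests pmcrypt()"),
    ("htmlspecialchars",
     re.compile(r"(?<![\w>:$])htmlspecialchars\s*\("),
     "htmlspecialchars() may return an empty string since PHP 5.4; "
     "the reply suggests PHSC()"),
]

def scan_recipe(source):
    """Return a list of (line_number, check_id, note) for lines worth reviewing."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip whole-line comments
        for check_id, pattern, note in CHECKS:
            if pattern.search(line):
                findings.append((lineno, check_id, note))
    return findings

# Constructed sample input, not taken from any real cookbook recipe.
SAMPLE_RECIPE = r'''<?php
# constructed sample recipe
Markup('demo', 'inline', '/\\(:demo (.*?):\\)/e', "DemoFn('$1')");
$out = preg_replace('/\\bfoo\\b/i', 'bar', $in);
$hash = crypt($pw);
$ok = pmcrypt($pw, $stored);
echo htmlspecialchars($title);
echo PHSC($title);
'''

if __name__ == "__main__":
    for lineno, check_id, note in scan_recipe(SAMPLE_RECIPE):
        print(f"line {lineno}: [{check_id}] {note}")
```

A clean result does not show a recipe is safe; it only means none of these three patterns were seen, and calls spread over several lines are missed.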