[pmwiki-users] including the contents of a php file on a wiki page

Peter & Melodye Bowers pbowers at pobox.com
Tue Dec 4 11:08:36 CST 2007 

Sent this out several days ago - did anybody have any ideas?  Is it just my
configuration that's making life difficult or is this a problem elsewhere?

 

-Peter

 

  _____  

From: Peter & Melodye Bowers [mailto:pbowers at pobox.com] 
Sent: Wednesday, November 28, 2007 10:44 PM
To: pmwiki-users at pmichaud.com
Cc: SentN (sentn at ccl-al.org); Peter Gmail Bowers (plbowers at gmail.com)
Subject: including a php file

 

I've been thinking that it would be very helpful for pmwiki authors if it
was possible to see the customizations that lay behind a certain page, so I
could see not only the wiki text but also the PHP code that lays behind it.
For instance, while I was trying to figure out how to do forms with a GET
method it would have been very nice to see someone else's underlying php
which enabled it.  However, I'm having difficulty implementing the
capability of displaying PHP code on a wiki page - it seems that any PHP
code always gets eval'd rather than being displayed verbatim.

 

I've tried several permutations off of the (:includeurl .:) code.  But first
I altered it to includeMYurl and hardcoded the filename to help with
security.

 

2 questions:

(1) Would (:includemyurl:) with a hardcoded php filename (or perhaps not
hardcoded but only showing the relevant customizing script) still be a
security risk?

(2) What do I need to do to include the file as text rather than having it
be eval'd?

 

You can take a look at
http://www.ccl-al.org/pmwiki/pmwiki.php?n=Test.IncludeMyURL to see 10 of the
various attempts I've made.  As best I can make out both file() and
file_get_contents() evaluate php code if it comes from a *.php file rather
than just reading the contents (i.e., source code) of said file.  Does that
sound right?!  If I rename the *.php file to *.txt then it all works fine.

 

Anybody have any ideas?

 

-Peter



-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20071204/2123f9d4/attachment.html

More information about the pmwiki-users mailing list