[pmwiki-users] adding cookbook script

Christophe David pmwiki at christophedavid.org
Sun Feb 24 16:19:19 CST 2008


>  A similar argument goes for storing parts of config.php into
>  a wiki page -- it means that someone who is able to modify
>  those pages somehow can start executing arbitrary scripts
>  on the server.  There may be cases where this would be
>  okay, but in the general case I think it's too big a
>  security risk for the core.

Maybe an alternative would be to only allow loading (including)
cookbooks from SiteAdmin.Config (no other PHP code).  The Farm Admin
could copy to $FarmD/Cookbook all recipes he is prepared to see
running on his farm, and the Field Admin could load them.

Going this route, what about having a markup (:cookbook xyz:) that
would include_once the recipe passed as a parameter?  This way, recipes
could be loaded for specific pages, groups, etc.

This markup should have to be enabled by the Farm Admin.  When
enabled, the only thing users could do is to load an already approved
cookbook.

Would it not make life easier for many users?

Christophe
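
The approval model proposed in the message above only holds if the recipe name taken from page markup can never steer include_once outside the approved directory. An added sketch in plain PHP (not part of the original message and not PmWiki code; the function name, the `$enabled` flag and the temporary directory standing in for $FarmD/Cookbook are assumptions for illustration):

```php
<?php
// Added example: names below are hypothetical, not PmWiki API.
// $enabled     : set by the Farm Admin in farm-level config, never from a wiki page
// $cookbookDir : the farm's directory of approved recipes ($FarmD/Cookbook in the message)
function resolve_approved_recipe(string $name, string $cookbookDir, bool $enabled): ?string
{
    if (!$enabled) {
        return null;                    // markup stays off unless the Farm Admin enabled it
    }
    // The name comes from page text, so it is untrusted: accept a bare
    // identifier only (no slashes, dots, NUL bytes or URL schemes).
    if (!preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $name)) {
        return null;
    }
    $base = realpath($cookbookDir);
    $path = $base === false
        ? false
        : realpath($base . DIRECTORY_SEPARATOR . $name . '.php');
    // realpath() resolves symlinks; the resolved file must still sit
    // directly inside the approved directory.
    if ($path === false || dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Constructed demo: a temporary directory stands in for $FarmD/Cookbook.
$farmCookbook = sys_get_temp_dir() . '/cookbook_demo_' . getmypid();
mkdir($farmCookbook);
file_put_contents("$farmCookbook/approved.php", "<?php \$RecipeLoaded = true;\n");

foreach (['approved', '../config', 'approved.php', 'missing', "approved\0x"] as $candidate) {
    $file = resolve_approved_recipe($candidate, $farmCookbook, true);
    printf("%-14s => %s\n", addcslashes($candidate, "\0"), $file ? 'load' : 'refused');
    if ($file !== null) {
        include_once $file;             // only ever reached with a vetted path
    }
}
// Same name, markup disabled by the Farm Admin: refused.
var_dump(resolve_approved_recipe('approved', $farmCookbook, false));

unlink("$farmCookbook/approved.php");
rmdir($farmCookbook);
```

Only `approved` resolves to a file; every other constructed name is refused before any include happens, and nothing loads while the flag is false.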


