On Nov 9, 2004, at 7:21 AM, Taneem A T wrote:
This discussion took place a while ago, and we all
agreed that while
the given code hack allows for easy PHP code inclusion in a wiki it's
hugely unsafe.
So I was thinking, could we modify the hack so that you couldn't put
in PHP directly into the Wiki but you could include an external PHP
file whose code would be executed?
If you do, be careful about validating the file name; in some
configurations (eg, by default) PHP will let you include and run code
from an arbitrary URL.
-- brion vibber (brion @
pobox.com)