On 30/06/2009, at 9:42 PM, Aryeh Gregor wrote:
On Tue, Jun 30, 2009 at 4:25 PM, Brion
IMO by the time you've implemented your
whitelisting parser you
well just interpret it rather than eval()ing.
I don't think so. You'd
only have to do the whitelisting once, on
page save. After that you could just execute with no extra overhead.
That's just scary. We'd definitely want to do the validation as close
as possible to the actual eval()ing, to minimise backdoors like
Special:Import et al.
Executing PHP from apache-writable files saved on disk is also a
The original implementation of the MonoBook skin used the TAL templating
language, which was compiled into executable PHP at runtime and stored
in /tmp so it could be cached for the next view.
In addition to difficulties with hosts which had misconfigured /tmp
directories, we found that people sharing their hosts with
poorly-secured WordPress installations would end up finding their wikis
hacked -- worms exploiting vulnerabilities in other PHP apps would hop
around the system modifying any .php files they could write to...
including the cached PHPTAL templates.