[Mediawiki-l] PHP code inclusion

Taneem A T thezeropoint at gmail.com
Tue Nov 9 15:21:25 UTC 2004


Hello all,

This discussion took place a while ago, and we all agreed that while
the given code hack allows for easy PHP code inclusion in a wiki it's
hugely unsafe.

So I was thinking, could we modify the hack so that you couldn't put
in PHP directly into the Wiki but you could include an external PHP
file whose code would be executed?

That way, if you restricted include files to only originate from the
same directory or a subdirectory below the wiki only you as the admin
would be able to create any PHP code. Others on the wiki could still
include and execute the code, but you would be the only one to be able
to create or modify  it. So it's safer.

Does this make sense?

Thanks,
Taneem A. Talukdar


On Tue, 26 Oct 2004 13:52:04 -0700, shane freese <shane.freese at gmail.com> wrote:
> I simply used what was linked to by Rowan.  I added this function to
> the bottom of Setup.php.  It works just as I needed.
> 
> 
> 
> function ParsePHPTag($Content)
> {
>  global $wgOut;
>  $wgOut->enableClientCache(false);
>  ob_start();
>  eval($Content);
>  $Result = ob_get_contents();
>  ob_end_clean();
>  return($Result);
> }
> $wgParser->setHook('php','ParsePHPTag');
> 
> I then just use the newly created <php></php> tags to include my php
> script.  This does pose a security risk so I wouldn't use it on an
> open wiki, however my site isn't a wiki per say I just like the
> flexibility of MediaWiki.
> 
> Shane
> 
> On Tue, 26 Oct 2004 15:33:48 -0400, Jamie Bliss
> 
> 
> <astronouth7303 at gmail.com> wrote:
> > One thing I might try is to insert it into the skins, as opposed to
> > the wikitax itself, if possible. or try the above ideas to get it in
> > the code. (Locking a template containing a link to some script and
> > using that with some php outputting javascript would probably be the
> > easiest).
> >
> >
> >
> >
> > On Sun, 24 Oct 2004 21:09:29 -0700, shane freese <shane.freese at gmail.com> wrote:
> > > Hello all,
> > >
> > > I am trying to figure out a way to include a PHP script within either
> > > my template (under navigation) or in a wiki page.
> > >
> > > 2 thing I am trying to accomplish.
> > >
> > > 1.  Parse a RSS feed from another site to display it on mine.
> > >
> > > 2.  Put the latest Forum posts from my boards on the wiki main page.
> > >
> > > Can these be accomplished?  I've been pulling my hair out for 3 hours
> > > now and haven't come up with a solution.
> > >
> > > Thanks,
> > >
> > > Shane
> > > _______________________________________________
> > > MediaWiki-l mailing list
> > > MediaWiki-l at Wikimedia.org
> > > http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
> > >
> >
> >
> > --
> > -------------------------------------------------------------------
> > http://endeavour.zapto.org/astro73/
> > Thank you to JosephM for inviting me to Gmail!
> >
> _______________________________________________
> MediaWiki-l mailing list
> MediaWiki-l at Wikimedia.org
> http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
>



More information about the MediaWiki-l mailing list