Hello Roger,
What you did is you escaped from running the PHP command to having it
be HTML. This will happen any time you have ?> not escaped in PHP.
It is not a flaw for most PHP use, but it can be if you escape out of
it before showing a password or something similar. To get around
this, move the ?> away from each other.
I hope that this helps,
Kasimir
On 3/7/07, Roger Chrisman <roger(a)rogerchrisman.com> wrote:
I just had a scare...
My LocalSettings.php file *displayed in the browser* at top of any wiki
page view! (Actually I only saw it at top of Main_page and top of
Search results page before I panicked and reverted the edit in
LocalSettings.php that had caused this.)
What happened
---------------------
In LocalSettings.php I had edited my $wgSpamRegex from this:
$wgSpamRegex = "/\<.*style.*?(display|position|overflow|visibility|
height)\s*:.*?>/i";
to this which caused this line and all below it in LocalSettings.php to
show in browser!:
$wgSpamRegex = "/(Tramadol|\<.*style.*?(display|position|overflow|
visibility|height)\s*:.*?>)/i";
Both entries were single lines of course; line breaks here for email.
Did I screwed up the Regex while adding "(Tramadol|" and ")" to it?
Why did the new $wgSpamRegex line and everything below it in
LocalSettings.php show up at top of *wiki page views in browser
(Konqueror) window*?
Luckily my MySQL pw and username are *above* that in LocalSettings.php
so they did not get out.
I'm running the wiki,
http://Wikigogy.org, with default MediaWiki and no
extensions on a commercial web host and viewed it from home in
Konqueror browser.
* MediaWiki: 1.9.2
* PHP: 5.2.1 (cgi)
* MySQL: 4.1.21-standard-log
I keep LocalSettings.php mode 600 and owned my myself.
How did half of it get out?
--
Roger Chrisman :-)
http://Wikigogy.org - free resources
for teachers of English as a second or foreign language
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
http://lists.wikimedia.org/mailman/listinfo/mediawiki-l
--
Kasimir Gabert