Tuesday, December 4, 2007, 6:25:59 PM, Peter & Melodye Bowers wrote:
> Again, I'm interested both in the security ramifications as well as any
> thoughts how to get non-eval'd source included onto a page...
Here is a markup and function for showing file content without
evaluation. No attempt is made to ask for any read authorisation.
You could show any file on your system.
Markup('showsource', 'directives', "/\\(:showsource\\s?(.*?)\\s*?:\\)/e",
"ShowSource(PSS('$1'))");
function ShowSource($filename) {
$text = htmlspecialchars(file_get_contents($filename));
return "<pre class='escaped'>".Keep($text)."</pre>";
}
~Hans
_______________________________________________
pmwiki-users mailing list
[email protected]
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
