On Sun, Feb 24, 2008 at 11:19:19PM +0100, Christophe David wrote:
> > A similar argument goes for storing parts of config.php into
> > a wiki page -- it means that someone who is able to modify
> > those pages somehow can start executing arbitrary scripts
> > on the server. There may be cases where this would be
> > okay, but in the general case I think it's too big a
> > security risk for the core.
>
> Maybe an alternative would be to only allow loading (including)
> cookbooks from SiteAdmin.Config (no other PHP code). The Farm Admin
> could copy to $FarmD/Cookbook all recipes he is prepared to see
> running on his farm, and the Field Admin could load them.
>
> Going this route, what about having a markup (:cookbook xyz:) that
> would include_once the recipe passed as parameter? This way, recipes
> could be loaded for specific pages, groups, etc.
- How many cookbook recipes are typically included that don't require
  any additional configuration or settings? This is not a rhetorical
  question -- I really don't have a feel for how many times a recipe
  consists of precisely the steps (1) download script, (2) add
  include_once() line.

- Using a markup like (:cookbook xyz:) to indicate loading a recipe
  often occurs too late to do any good. Markups aren't processed until
  after the system has already decided that (1) we are browsing the
  page and (2) the visitor has read permission to the page. Any recipe
  that adds new actions, modifies existing actions, changes page
  security, or otherwise affects page handling will have to be loaded
  long before we start processing a page's markup.

> This markup should have to be enabled by the Farm Admin. When
> enabled, the only thing users could do is to load an already approved
> cookbook.
>
> Would it not make life easier for many users?

How many "users" are there who are administering wikis but aren't the
farm admin?

Pm

_______________________________________________
pmwiki-users mailing list
pmwiki-users@pmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-users
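The "approved recipes only" loader that Christophe proposes and Pm's timing objection to it, as an added example that is not PmWiki's code and not something posted in this thread. It assumes `$FarmD` points at the farm directory as in PmWiki; the function name `LoadApprovedRecipe` and the `$EnableApprovedRecipes` switch are made up for illustration. Because Pm notes that markup runs only after the browse/read-permission decision, the loader is meant to be called from configuration files, not from a `(:cookbook xyz:)` markup; what it adds over a bare `include_once` is that the recipe name is reduced to a plain identifier and the resolved path must lie inside the Farm Admin's `Cookbook/` directory, so a name like `../local/config` cannot pull in arbitrary PHP.

```php
<?php
// Added example, not PmWiki code: load a recipe only if it lives in the
// Farm Admin's approved directory $FarmD/Cookbook.
// Returns true when the recipe was included, false when it was rejected.
function LoadApprovedRecipe($name) {
  global $FarmD;

  // Accept only a simple identifier: no slashes, dots, spaces or NUL bytes,
  // so the name cannot express a path at all.
  if (!preg_match('/^[A-Za-z0-9_-]+$/', $name)) {
    return false;
  }

  // realpath() resolves symlinks and ".." and fails for missing files.
  $dir = realpath("$FarmD/Cookbook");
  if ($dir === false) {
    return false;
  }
  $path = realpath("$dir/$name.php");

  // Reject anything that does not resolve to a file strictly below $dir.
  if ($path === false || strpos($path, $dir . DIRECTORY_SEPARATOR) !== 0) {
    return false;
  }

  include_once $path;
  return true;
}

// Hypothetical use from a config file, where recipes can still affect
// actions and page security because no markup has been processed yet.
// $EnableApprovedRecipes is an assumed switch the Farm Admin would set.
if (!empty($EnableApprovedRecipes)) {
  LoadApprovedRecipe('somerecipe');       // included if Cookbook/somerecipe.php exists
  LoadApprovedRecipe('../local/config');  // rejected by the identifier check
  LoadApprovedRecipe('notthere');         // rejected: realpath() returns false
}
```

The two checks are deliberately redundant: the regular expression stops a caller from naming a path, and the `realpath()` prefix test catches the remaining case where an entry inside `Cookbook/` is a symlink pointing elsewhere on the server.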