DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:phprestrict

This is an old revision of the document!


phprestrict Plugin

Compatible with DokuWiki

  • 2018-04-22 "Greebo" unknown
  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" yes
  • 2015-08-10 "Detritus" yes

plugin Restrict PHP inclusion to pages by namespace or name

Last updated on
2016-06-07
Provides
Action
Repository
Source

Tagged with php, security

Installation

Install the plugin using the Plugin Manager and the download URL above, which points to latest version of the plugin. Refer to Plugins on how to install plugins manually.

Examples/Usage

A simple action plugin that overrides the current DokuWiki Allow-PHP mechanism and allows you to enable PHP on specific pages and namespaces. You can also disable the ability to view the source of PHP-enabled pages.

Configuration and Settings

Use the configuration manager to specify the pages and namespaces you want PHP to be permitted on, and use the ACL to define what users have the ability to accidentally delete your wiki (grin).

In the plugin»phprestrict»paths field, enter one or more paths, separated by commas or newlines. PHP will only be permitted if the page matches one of the paths.

  • namespace:pagename – permits PHP on a specific page in a namespace
  • namespace:prefix* – permits PHP on a range of pages in a namespace.
  • namespace: – permits PHP on all pages in a namespace.

The plugin»phprestrict»hide setting lets you disable view-source, export and revision history on pages where PHP is enabled (whether or not they actually have PHP on them). This is the default since you don't want people reading your code.

Change Log

  • 2016-05-30
    • Initial release
  • 2016-06-07
    • 1.1; minor cleanups, added disabling of revision history. Fixed problem with extra level of folder nesting in the GIT repository (newbie mistake)

FAQ

Discussion

This is my first DokuWiki plugin. Your feedback is appreciated.

2016-09-14 (Wild Dagger) : Hello, many thanks for this plug-in !!!! I expected this kind of extension. Is it possible to develop a disabling some php functions ? (I think “phpinfo();” for example)

2016-09-14 (MadOverlord) : I don't know if is possible, and it is a bit out of scope. The whole point of the plugin is that it lets you restrict who can use PHP by specifying where PHP is allowed and then using the ACL to restrict who can edit those pages. If you let a bad-actor have access to PHP, having them be able to execute phpinfo(); is the least of your problems!

2016-09-14 (Wild Dagger) : Thank you for the quick response, how can we help translate the extension ?

plugin/phprestrict.1473858128.txt.gz · Last modified: 2016-09-14 15:02 by 81.67.68.4