rule-list

[RULE] Inclusion of php scripts in SPIP CMS?


From: M. Fioretti
Subject: [RULE] Inclusion of php scripts in SPIP CMS?
Date: Sun, 21 Mar 2004 20:26:33 +0100
User-agent: Mutt/1.4i

On Sat, Mar 20, 2004 17:55:19 PM +0100, C David Rigby (address@hidden) wrote:
> Good (UTC+1) to everybody,
> 
> As previously threatened, I have written a report about a CMS called
> SPIP that can be accessed on the testing server here:
> 
> http://rule-test.homelinux.org/SPIP-report.html
> 

David (and Rodolfo)

The report above says:

>For authors of articles, there is also a set of formatting
>"shortcuts" that allow the inclusion of basic text markup
>(highlighting, headings, tables, etc.)  without use of HTML. However,
>for the author that desires to use full HTML, the formatting
>shortcuts can be escaped by a specific tag that indicates to the
>formatting engine to pass the data to the webserver without
>modification.

The current structure today does embed some PHP scripts in this way:
if the ascii source code has a line like:

##INSERT(scripts/phpscripts/show_home.php)

where show_home.php is a piece of php code which queries the mysql
database to display the three latest news, pages, sw entries.

The .txt -> .php cron converter replaces that line with the content of
that file (which is *outside* the public_html directory, i.e. can be
uploaded only via ssh today). Maybe we could do the same thing in
SPIP, i.e. patch it in some way that allows php stuff to be inserted
only if it is already on the server in some private area. Consider
that such scripts will need to be updated/created much less often
than everything else in the page containing them, so it shouldn't be
a hassle if they have to be uploaded the "old" (scp) way.

This would still leave coauthors free to add the same (already
existing) scripts in other/new pages, but that shouldn't be a security
hole, should it?

What do you think?

Ciao,
        Marco Fioretti
--
Marco Fioretti m.fioretti, at the server inwind.it
Red Hat for low memory http://www.rule-project.org/en/

It's not the hours you put in your work that counts, it's the work you
put in the hours.                                            Sam Ewing
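
The insertion scheme described in the message above, sketched as an added example (not code from the original message or the RULE project): a converter that expands `##INSERT(...)` lines only from a private directory and rejects any path that resolves outside it. The function names, the `.php` suffix check and the temporary directory layout are assumptions; the message does not say what language the cron converter is written in.

```python
import os
import re
import tempfile

# Directive syntax taken from the message: ##INSERT(scripts/phpscripts/show_home.php)
INSERT_RE = re.compile(r"^##INSERT\(([^()]+)\)\s*$")

class InsertError(ValueError):
    """Raised when a directive points outside the private script area."""

def resolve_script(private_root, rel_path):
    """Return the real path of rel_path, or raise if it escapes private_root."""
    root = os.path.realpath(private_root)
    # realpath collapses ".." and follows symlinks before the containment check
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, target]) != root:
        raise InsertError(f"outside private area: {rel_path}")
    if not target.endswith(".php") or not os.path.isfile(target):
        raise InsertError(f"not an installed script: {rel_path}")
    return target

def expand_inserts(text, private_root):
    """Replace each ##INSERT(...) line with the content of the named script."""
    out = []
    for line in text.splitlines():
        m = INSERT_RE.match(line)
        if m is None:
            out.append(line)
            continue
        with open(resolve_script(private_root, m.group(1)), encoding="utf-8") as fh:
            out.append(fh.read().rstrip("\n"))
    return "\n".join(out) + "\n"

def demo():
    """Constructed sample: one installed script, one good page, one hostile page."""
    with tempfile.TemporaryDirectory() as tmp:
        private = os.path.join(tmp, "private")
        os.makedirs(os.path.join(private, "scripts/phpscripts"))
        with open(os.path.join(private, "scripts/phpscripts/show_home.php"), "w") as fh:
            fh.write("<?php /* placeholder body */ ?>\n")
        with open(os.path.join(tmp, "secret.php"), "w") as fh:
            fh.write("<?php /* not in the private area */ ?>\n")
        good = expand_inserts("Intro\n##INSERT(scripts/phpscripts/show_home.php)\n", private)
        try:
            expand_inserts("##INSERT(../secret.php)\n", private)
        except InsertError:
            return good, True
        return good, False
```

Calling `demo()` returns the expanded page text and whether the `../secret.php` directive was refused.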
