[RULE] Inclusion of php scripts in SPIP CMS?

M. Fioretti m.fioretti at inwind.it
Sun Mar 21 21:26:33 EET 2004


On Sat, Mar 20, 2004 17:55:19 PM +0100, C David Rigby  cdrigby at 9online.fr  wrote:
> Good (UTC+1) to everybody,
> 
> As previously threatened, I have written a report about a CMS called
> SPIP that can be accessed on the testing server here:
> 
> http://rule-test.homelinux.org/SPIP-report.html
> 

David (and Rodolfo)

The report above says:

>For authors of articles, there is also a set of formatting
>"shortcuts" that allow the inclusion of basic text markup
>(highlighting, headings, tables, etc.)  without use of HTML. However,
>for the author that desires to use full HTML, the formatting
>shortcuts can be escaped by a specific tag that indicates to the
>formatting engine to pass the data to the webserver without
>modification.

The current structure today does embed some PHP scripts in this way:
if the ascii source code has a line like:

##INSERT(scripts/phpscripts/show_home.php)

where show_home.php is a piece of PHP code which queries the MySQL
database to display the three latest news, pages, sw entries.

the .txt -> .php cron converter replaces that line with the content of
that file (which is *outside* the public_html directory, i.e. can be
uploaded only via ssh today). Maybe we could do the same thing in
SPIP, i.e. patch it in some way that allows PHP stuff to be inserted
only if it is already on the server in some private area. Consider
that such scripts will need to be updated/created much less often
than everything else in the page containing them, so it shouldn't be
a hassle if they have to be uploaded the "old" (scp) way.

This would still leave coauthors free to add the same (already
existing) scripts in other/new pages, but that shouldn't be a security
hole, should it?

What do you think?

Ciao,
	Marco Fioretti
--
Marco Fioretti mfioretti
Red Hat for low memory www.rule-project.org

It's not the hours you put in your work that counts, it's the work you
put in the hours.                                            Sam Ewing


_______________________________________________
Original home page of the RULE project: www.rule-project.org
Original Rule Development Site http://savannah.gnu.org/projects/rule/
Original RULE mailing list: Rule-list at nongnu.org, hosted at http://mail.nongnu.org/mailman/listinfo/rule-list
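
The include mechanism described in the message above, as an added example that is not part of the original post or of the RULE/SPIP code: a converter that expands `##INSERT(...)` lines only when the named script really lives inside the private area, which is the property the "only already-uploaded scripts" idea depends on. Python is used because the converter's language is not stated; `resolve_include`, `expand`, `IncludeError` and the sample directory tree are hypothetical names constructed for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Directive format taken from the message: ##INSERT(scripts/phpscripts/show_home.php)
DIRECTIVE = re.compile(r"^##INSERT\(([^()\s]+)\)\s*$")

class IncludeError(ValueError):
    """Raised when a directive names a file outside the private area."""

def resolve_include(private_root: Path, rel: str) -> Path:
    """Return the real path of `rel`, or raise if it escapes private_root."""
    root = private_root.resolve()
    target = (root / rel).resolve()          # collapses ../ and follows symlinks
    if not target.is_relative_to(root):      # Python 3.9+; also rejects absolute paths
        raise IncludeError(f"outside private area: {rel}")
    if target.suffix != ".php" or not target.is_file():
        raise IncludeError(f"not an existing .php script: {rel}")
    return target

def expand(source: str, private_root: Path) -> str:
    """Replace each ##INSERT(...) line with the named script's content."""
    out = []
    for line in source.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            out.append(resolve_include(private_root, m.group(1)).read_text())
        else:
            out.append(line)
    return "\n".join(out)

def demo() -> dict:
    """Constructed sample tree: one private script, one file outside it."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        priv = base / "private"
        (priv / "scripts/phpscripts").mkdir(parents=True)
        (priv / "scripts/phpscripts/show_home.php").write_text("<?php /* latest news */ ?>")
        (base / "secret.php").write_text("<?php /* not for inclusion */ ?>")
        ok = expand("Welcome\n##INSERT(scripts/phpscripts/show_home.php)", priv)
        try:
            expand("##INSERT(../secret.php)", priv)
            blocked = False
        except IncludeError:
            blocked = True
        return {"ok": ok, "blocked": blocked}
```

The containment check runs on the resolved path, so a directive that climbs out with `../` or points at a symlink leaving the private directory is refused before any file is read.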




This full static mirror of the Run Up to Date Linux Everywhere Project mailing list, originally hosted at http://lists.hellug.gr/mailman/listinfo/rule-list, is kept online by Free Software popularizer, researcher and trainer Marco Fioretti.