Extension:NukeHtmlPhp

From MediaWiki.org

NukeHtmlPhp

Release status: unknown
Implementation: Tag, Page action
Description: This extension enables the conditional removal or replacement of the tags <html>, <php> and <runphp> from an article being saved. Potential security issues can thus be managed.
Author(s): Jean-Lou Dupont
Download: see below
Hooks used: ArticleSave


Up-to-date information on this extension can be found at: [1]. The update provides better integration with other extensions:

  • GeSHi syntax highlighter [2]
  • RunPHP Page [3]

Purpose

This extension enables the conditional removal or replacement of the tags <html>, <php> and <runphp> from an article being saved. Potential security issues can thus be managed.

Other Options

  • For handling native HTML inclusion more securely (and more conveniently), please see Extension:SecureHTML.

Source Code

<?php
# NukeHtmlPhp Mediawiki Extension
# -------------------------------
# Author: Jean-Lou Dupont
 
# This extension implements a "hook" on the "ArticleSave" event
# in order to 'nuke' any <html>, <php> or <runphp> tags
# found to be entered by members without the 'coding' right.
 
# To activate the extension, include it from your "LocalSettings.php"
# with: include("extensions/nukeHtmlPhp.php");
 
# Also, specify which group(s) have the 'coding' right e.g:
# $wgGroupPermissions['user']['coding'] = false;
# $wgGroupPermissions['sysop']['coding'] = true;
 
# ---------------------------------
 
$wgHooks['ArticleSave'][] = 'fnNukeHtmlPhpHook';
 
function fnNukeHtmlPhpHook(&$article, &$user, &$text, &$summary, $minor, $watch, $sectionanchor, &$flags)
{
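 # First, check whether the user has the "coding" permission.
 # isAllowed() returns a boolean, so test it directly.
 if (!$user->isAllowed('coding'))
 {
  # If not, "nuke" all HTML, PHP and RUNPHP tags.
  # Matching "html>" covers both <html> and </html>.
  $text=str_ireplace("html>","ehtml>",$text);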
 
  # case with <php>article_title</php>  --> <ephp>{{article_title}}</ephp>
  $text=str_ireplace("<php>","<ephp>{{",$text);
  $text=str_ireplace("</php>","}}</ephp>",$text);
 
  $text=str_ireplace("<runphp>","<erunphp>",$text);
  $text=str_ireplace("</runphp>","</erunphp>",$text);
 }
 
 return true;
}
?>
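
A coverage check for the replacements above, as an added example that is not part of the extension or of the original page: it runs the same literal replacements over constructed wikitext and lists which of the three tag names still start a tag afterwards. The function names, the sample strings and the stricter nukeTolerant variant are assumptions made for illustration; the variant assumes the wiki's tag parser accepts whitespace or attributes after a tag name, and it only renames tags, without the {{...}} wrapping the extension applies to <php>.

```php
<?php
// Added example, not the extension's code; all names here are hypothetical.

// The page's literal replacements, as a pure function.
function nukeLiteral(string $text): string
{
    $text = str_ireplace('html>', 'ehtml>', $text);
    $text = str_ireplace('<php>', '<ephp>{{', $text);
    $text = str_ireplace('</php>', '}}</ephp>', $text);
    $text = str_ireplace('<runphp>', '<erunphp>', $text);
    return str_ireplace('</runphp>', '</erunphp>', $text);
}

// Assumed stricter variant: rename the tag whenever its name directly
// follows "<" or "</", whatever whitespace or attributes come next.
function nukeTolerant(string $text): string
{
    return preg_replace('#<(/?)(html|php|runphp)(?=[\s/>])#i', '<$1e$2', $text);
}

// Tag names (lower-cased) that still start a tag in $text.
function survivingTags(string $text): array
{
    preg_match_all('#</?(html|php|runphp)(?=[\s/>])#i', $text, $m);
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

// Constructed sample wikitext, one tag spelling per entry.
$samples = [
    'exact'      => '<php>Main_Page</php> and <html><b>x</b></html>',
    'mixed case' => '<RunPHP>Main_Page</RunPHP>',
    'spaced'     => '<php >Main_Page</php >',
    'attribute'  => '<runphp lang="x">Main_Page</runphp>',
];

foreach ($samples as $label => $wikitext) {
    printf(
        "%-10s literal leaves [%s], tolerant leaves [%s]\n",
        $label,
        implode(',', survivingTags(nukeLiteral($wikitext))),
        implode(',', survivingTags(nukeTolerant($wikitext)))
    );
}
```

An empty list in the output means every spelling of that sample was renamed; a non-empty list under "literal" names the tags a reviewer should cover before relying on the hook.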