Extension:PHPTemplates
 Release status: experimental |
|||
|---|---|---|---|
| Implementation | Tag | ||
| Description | allows execution of PHP code embedded in pages | ||
| Last version | 0.1dev | ||
| MediaWiki | 1.19svn | ||
| PHP | 5.2.13 | ||
| License | GPL 3 | ||
| Download | Project page |
||
|
|||
|
|||
|
Check usage (experimental) |
|||
Contents |
[edit] What can this extension do?
This extension allows you to embed white-listed PHP code in pages. Why the misnomer "PHPTemplates"? Because ultimately for reviewing code similar to Extension:FlaggedRevs, it would be nice to limit PHPTemplates's scope to templates starting with <?php. However, it is much easier at this time to plug into the MediaWiki parser via the general tag hook.
[edit] Usage
<phpcode>$a=$b+$c;echo($a);</phpcode>
That's all at this moment (yes, it will output "0"). The PHP grammar is rather complex, and trimming it down takes time.
[edit] Download instructions
Please copy and paste the code found at GitHub and place it under $IP/extensions/PHPTemplates/. Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.
[edit] Installation
To install this extension, add the following to LocalSettings.php:
require_once("$IP/extensions/PHPTemplates/PHPTemplates.php");
[edit] Limiting your users' freedom =
You can enhance PHPTemplates to somewhat cap the resources used. Duly note that enhancing in this context means amending the grammar and generating a new parser.
[edit] Validation
While parsing the source, you can count the number of statements and their levels of nesting and require that certain limits are not exceeded.
[edit] Runtime
Instead of just validating the source, you can amend it on the fly and transform for example:
while (true);
to:
while (wfAbortIfResourcesLimitExceeded () && (true));
There will probably be some bombs that cannot be guarded against this way, but it should cover most common mistakes.
