Extension:SecurePHP

From MediaWiki.org

Jump to: navigation, search
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions


         

Manual on MediaWiki Extensions
List of MediaWiki Extensions
Crystal Clear action run.png
SecurePHP

Release status: stable
Implementation  Tag, User rights
Description Provides secure execution of PHP code embedded in 'runphp' tagged section.
Author(s)  Jean-Lou Dupont
Last Version  1.0.1
MediaWiki  1.10 1.11, 1.12
License No license specified
Download SVN
See SVN ($Id: SecurePHP.php 782 2007-09-16 01:22:37Z jeanlou.dupont $)

check usage (experimental)

Contents

[edit] Purpose

Provides secure execution of PHP code embedded in 'runphp' tagged section.

[edit] Features

  • Security: page must either
    • Be protected on 'edit'
    • Current user editing the page must have the 'coding' right
    • Or, lastly, the last contributor to the page has the 'coding' right

[edit] Usage

<runphp> php code here </runphp>

[edit] Security Note

  • It is advisable to use 'cascading protection'
  • When page protection is not relied on to provide protection and consequently only the last contributor's right acts as protection measure, it is advised to use considerable care when using templates on the same page.

[edit] Dependency



[edit] Installation

See the Mediawiki Extension table entry "download" above.[1]

[edit] LocalSettings.php

Extension:ExtensionManager: See footnote[2]

require_once( "$IP/extensions/SecurePHP/SecurePHP.php" );

[edit] PEAR

PEAR is a repository of en:PHP software code.

pear channel-discover mediawiki.googlecode.com/svn
  • Install extension through PEAR:
pear install mediawiki/SecurePHP
  • Add the following to LocalSettings.php[2][3]:
require 'MediaWiki/SecurePHP/SecurePHP.php';
  • Note that the required version of PEAR must be respected. Currently, the minimum version of PEAR usable with this channel is v1.6.2. Perform the following command to upgrade to the latest version of PEAR:
pear upgrade pear

[edit] Upgrades through PEAR

Sometimes, it is necessary to clear PEAR's cache in order to perform upgrades.

pear clear-cache

or use the force method:

pear upgrade --force mediawiki/SecurePHP

[edit] PEAR Web Frontend

For easier remote package management, PEAR Frontend WEB can be installed. Installation notes can be found here. An example of the WEB frontend is available here.

[edit] RSS feed

To keep kept up-to-date with this channel, use the following RSS feed__Rss2.jpg.

[edit] Notes

[edit] Other Extensions From the same author

Consult User Jldupont's page.

  1. The most recent release is always available through the extension's PEAR and SVN repositories. This page is not necessarily up-to-date.
  2. 2.0 2.1 2.2 Extension:ExtensionManager does not require any modification to LocalSettings.php because ExtensionManager includes the extension.
    Note that if PHP code caching is in place (e.g. APC, eAccelerator), then to successfully complete the installation a cache flush might be needed.
  3. Modifications to LocalSettings.php is only necessary if not using Extension:ExtensionManager

[edit] History

  • Moved to MediaWiki on GoogleCode project
  • Standardized entry point; now, always SecurePHP.php whatever installation method.

[edit] Sites using this extension

Retrieved from "http://www.mediawiki.org/wiki/Extension:SecurePHP"