From MediaWiki.org
Jump to: navigation, search

Other languages:
Deutsch • ‎English • ‎español • ‎日本語 • ‎polski • ‎sicilianu
MediaWiki extensions manualManual:Extensions
Crystal Clear action run.png

Release status:Extension status experimental

ImplementationTemplate:Extension#type Tag
DescriptionTemplate:Extension#description Allows execution of PHP code embedded in pages
Author(s)Template:Extension#username Tim.landscheidttalk
Latest versionTemplate:Extension#version 0.1dev
MediaWikiTemplate:Extension#mediawiki 1.19svn
PHPTemplate:Extension#php 5.2.13
LicenseTemplate:Extension#license GNU General Public License 3.0 or later
Hooks usedTemplate:Extension#hook

Translate the PHPTemplates extension if it is available at translatewiki.net

Check usage and version matrix.

What can this extension do?[edit]

This extension allows you to embed white-listed PHP code in pages. Why the misnomer "PHPTemplates"? Because ultimately for reviewing code similar to Extension:FlaggedRevsExtension:FlaggedRevs, it would be nice to limit PHPTemplates's scope to templates starting with <?php. However, it is much easier at this time to plug into the MediaWiki parser via the general tag hook.



That's all at this moment (yes, it will output "0"). The PHP grammar is rather complex, and trimming it down takes time.

Download instructions[edit]

Please copy and paste the code found at GitHub and place it under $IP/extensions/PHPTemplates/.

Note Note: $IPManual:$IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.phpManual:LocalSettings.php.


To install this extension, add the following to LocalSettings.phpManual:LocalSettings.php:


Limiting your users' freedom[edit]

You can enhance PHPTemplates to somewhat cap the resources used. Duly note that enhancing in this context means amending the grammar and generating a new parser.


While parsing the source, you can count the number of statements and their levels of nesting and require that certain limits are not exceeded.


Instead of just validating the source, you can amend it on the fly and transform for example:

while (true);


while (wfAbortIfResourcesLimitExceeded () && (true));

There will probably be some bombs that cannot be guarded against this way, but it should cover most common mistakes.

See also[edit]