From: Reini U. <ru...@x-...> - 2002-09-19 17:31:36
Lawrence Akka wrote:
> Some random jottings on the Transclude plugin, for
> discussion/flames/whatever:
>
> Name: What on earth is transclusion? OK, I know about
> http://www.usemod.com/cgi-bin/mb.pl?TransClusion but see also
> http://scriptingnews.userland.com/backissues/2002/03/30#transOrIn
> It just sounds a bit silly to me. What's wrong with "Include"? I
> thought wiki was supposed to be easy to use/intuitive :-)

True. What about "IframeInclude"?
But Meatball as quasi-reference called it "TransClusion", so that's a strong point.

> Recursion: Whilst it is relatively easy (I guess) to detect if a page
> includes itself, what if a page1 includes page2 includes page1 ...
> Actually, this same problem applies to the Redirect plugin - see:
> http://phpwiki.sourceforge.net/demo/en/RedirectLoop.
> Possibility for DoS attacks?

Does anyone know more about endless redirect loops on Apache?
PHP has a timeout for this kind of beast, but Apache does not.

> Bad scripts: Security problems if A Bad User can include all sorts of
> html in a wiki page? Isn't this why we don't generally allow raw html.

So we should check for ENABLE_RAW_HTML on the external inclusion parameters:
src in FrameInclude and Transclusion.
href in RedirectTo.
Otherwise only internal pages are allowed. Or?
--
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban/
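
The two checks raised in this message, catching a page1 -> page2 -> page1 chain and refusing external targets unless raw HTML is enabled, sketched as an added example that is not part of the original message and is not PhpWiki code. The function names, the $pages map, the ALLOW_EXTERNAL constant (standing in for the ENABLE_RAW_HTML check) and the depth cap are all assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not PhpWiki's own code.
// ALLOW_EXTERNAL stands in for the ENABLE_RAW_HTML check discussed above.
const ALLOW_EXTERNAL = false;

// Treat anything with a URL scheme or a protocol-relative prefix as external.
// Deliberately conservative: a name containing ':' is also treated as external.
function isExternal(string $target): bool
{
    return (bool) preg_match('~^([a-z][a-z0-9+.-]*:|//)~i', $target);
}

// Expand includes depth-first. $stack holds the pages currently being
// expanded, so an indirect cycle is caught as well as direct self-inclusion.
// $maxDepth is an extra guard (an assumption) against very long chains.
function expand(string $page, array $pages, array $stack = [], int $maxDepth = 8): array
{
    if (isExternal($page)) {
        return [(ALLOW_EXTERNAL ? 'external: ' : 'blocked external: ') . $page];
    }
    if (in_array($page, $stack, true)) {
        return ['loop: ' . implode(' -> ', array_merge($stack, [$page]))];
    }
    if (count($stack) >= $maxDepth) {
        return ['too deep: ' . $page];
    }
    if (!isset($pages[$page])) {
        return ['missing: ' . $page];
    }
    $out = ['page: ' . $page];
    foreach ($pages[$page] as $target) {
        $next = array_merge($stack, [$page]);
        $out = array_merge($out, expand($target, $pages, $next, $maxDepth));
    }
    return $out;
}

// Constructed sample wiki: page name => list of include/redirect targets.
$pages = [
    'HomePage' => ['Page1', 'http://example.com/frame.html'],
    'Page1'    => ['Page2'],
    'Page2'    => ['Page1'],
    'SelfRef'  => ['SelfRef'],
];

foreach (['HomePage', 'SelfRef'] as $start) {
    echo $start, ":\n  ", implode("\n  ", expand($start, $pages)), "\n";
}
```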