A Wordpress plugin

TODO: write this up


[pmwiki] .....markup..... [/pmwiki]



I get the best results with the Text Control plugin set to No Formatting







Some dev notes

michael paulukonis writes the indents, Petko writes the outdents:

    Basically, the plugin checks for text enclosed by a set of tags, passes that
    to the markup service, which them provides HTML back to WordPress.

It looks you're getting the output HTML via a network connexion (browser or

    Is there any major security hole that I'm opening up in PmWiki by doing


    Is there any way to obtain arbitrary JavaScript that extension attempt to
    add to the page?

No, not any more than leaving the standard PmWiki open to viewing. How secure
is that, depends on how secure are the recipes you enabled.

    (other than inline JS applied to markup) ?

If you have inline JS, some of these PmWiki recipes also inject JavaScript
into the header or footer of the rendered full page. Without it, some
functionnalities may not work in the HTML returned by MarkupToHTML(). But this
is not a security issue.

About security, in your case, I'd probably limit the PmWiki installation to
only do the 'wikimarkup' action. Something like this in config.php:

 $action = 'wikimarkup'; # OR
 if($action != 'wikimarkup') $action = 'wikimarkup';

Alternatively, it may be possible to include pmwiki.php and use only the
markup engine. In your WordPress php configuration file, you can add something
like this:

 $EnableActions = 0;

This will load PmWiki but will disable all automatc processing, allowing you
to call selected functions yourself, for example MarkupToHTML().

Note tht PmWiki will look for configuration files at two places:

 local/config.php - the directory 'local' is related index.php of WordPress
 local/farmconfig.php - 'local' here is related to where pmwiki.php is

And if you include recipes, you'll need to use the $FarmD variable:


See the following discussion on the mailing list:




See Also