Summary: let PHP scripts generate parts of you wiki page content
Version: 1.4b
Prerequisites: none
Status: stable
Maintainer: Sven
Categories: Markup

Questions answered by this recipe

  • Is there an easy way to let content be generated by external PHP scripts?
  • How can I combine the power of PHP code with the ease of PmWiki markup?


This receipe defines a markup for execution of PHP scripts and usage of their output as wiki markup. It natively supports paranoid permission policies.

How to Install

  1. Download phpinc-v1.4b.zipΔ and unpack it in your PmWiki directory.
  2. In your local config, write the usual include code: require_once "$FarmD/cookbook/phpinc-markup.php";
  3. That's all. :) Out of the box, you can only use the unixtime plugin.


  • To insert markup generated by a plugin, write (:phpinc plugin-name [param1=value1] [param2=value2] [more parameters...]:).
    • Example that works out of the box: (:phpinc unixtime:)
  • The plugin-name may consist of any combination of letters, numbers, minus signs, underscore and slashes.
    • This receipe will include() "phpinc/plugin-name.php", so if you write (:phpinc /etc/shadow:), it will look for "phpinc//etc/shadow.php". (What ever this will resolve to on your webserver. Remember to allow execution of "/etc/shadow" plugin first, or you will see just an error message.)
  • Please note that the plugin is executed before directives such as (:if ...:) take effect. This allows the plugins to have directives in their output interpreted by PmWiki.
    • To change this behavior, replace '_begin' with 'inline'.

Security: Execution Permissions

Permissions are defined in Site.PhpIncPermissions? in this style: plugin1 plugin2

Each such line defines which plugins can be used by the specified wiki page. Instead of you may write :*:, which will allow these plugins to be called from any page.

Plugins that are not explicitly allowed will not be executed.

Security: Direct Execution

In order to prevent plugins from direct execution, please deny web users access to your phpinc directory with an .htaccess file. Additionally, each plugin should itself check whether it is executed within PmWiki.

Security: Restrict the Actions

If you have a security policy based on the idea that only users with read access to the page can execute the plugins within, make very sure that they cannot view the page content in another way, e.g. using the "search" action. You can use Restrict Actions for this.


See Discussion at PHPScriptAsWikiMarkupSource-Talk.


  • v1.4b: Downward compatibility patch: The include()'s return value is echoed only if it's a string (for scripts without a return statement)
  • v1.4: phpinc now catches exceptions and echoes the include()'s return value.
  • v1.2b: removed feature of being active only for "browse" action, since even when you are editing a page you might still want to use phpinc in your sidebar.
  • v1.2: Speed improvements, permission caching
  • v1.1: Added support for shared plugins in wikifarms, added default "reqvar" (request variable) plugin. Please feel free to write a documentation for reqvar.
  • v1.0: Initial stable release


  • Sven - original author

User notes +1: If you use, used or reviewed this recipe, you can add your name. These statistics appear in the Cookbook listings and will help newcomers browsing through the wiki.