• View
• Edit
• History
• Print
• Backlinks

IncludeFile

Question

How do I include an external file (from the same file system)?

Answer

There are two simple and quick solutions, and one more elaborate and flexible recipe that should be the safest choice.

IncludeFile recipe - sanitised and filtered and access restricted for showing file content

This recipe includes the content of a given text file (or set of text files) in the output of the wiki page. "In the output" means that the inclusion is dynamic (like a link) - the markup in the wiki page itself remains unchanged. It is assumed that you have the CookbookSecure Attachments]] recipe in place, so uploaded files are gathered in a non-webserver-accessible space (usually below upload/) and grouped according to wiki page.

The basic syntax is

The file is taken from the upload directory corresponding to the wiki page where the markup is placed in. You can also specify a set of files, using the ext=txt option (then omit the filename argument), any other file extension is of course also possible. The full set of options is:

• ext=...: specify a comma separated list of file extensions
• header=...:
  • filename
  • filenamebold
  • filenamesmall
  • hr - horizontal rule preceding the header
• fontsize=...: use given font size (8pt or similar) to display file contents
• order=...: when displaying a set of files, use the given ordering, where name, size, time, atime, mtime, ctime are allowed (prepended with minus for descending order as usual). (Means time of last access or modification, or create time.)

Security issues: On inclusion it is checked whether the current user has permission to access the file, using the includefile action. This action is by default mapped to the read level, so the user needs read permission on the wiki page the file is belonging to. When including the contents all tags are effectively escaped by applying the PHSC ()) function to escape html special characters. The result is packed into a <code> environment.

ThomasP March 19, 2007, at 12:04 AM

Installation

• download includefile-2025-12-01.phpΔ
• rename the php file to includefile.php
• add lines similar to the following to config.php

## Activate the IncludeFile recipe. https://pmwiki.org/wiki/Cookbook/IncludeFile
include_once("$FarmD/cookbook/includefile.php"); 

Script solutions

Unfiltered unsanitised inclusion of any file

Use only if you can trust all wiki editors. Do not use on a public wiki!

The following markup lets you include any file, relative to the path you set in the markup definition. Any file on the system can be included, if you give the right relative path in the markup. Note that files are not filtered or sanitised for output. Code may be interpreted. This can be potentially disastrous.

  Markup('includefile', 'directives', '/\\(:includefile\\s+([-\\/.\\w]+)\\s*:\\)/',
    "mu_includefile");
  function mu_includefile($m){
    return Keep(implode('', file('/home/yourlocalfilesystempath/public_html/inc/'.$m[1])));
  }

With this in place, the markup (:includefile something.html:) would include the contents of /home/yourlocalfilesystempath/public_html/inc/something.html in the output.

For a sanitised and preformatted output for showing code file content see next solution, although it is still allowing any file on the system to be shown. For a safe solution restricting files to be in a uploads directory and checking read permission see the recipe solution.

• This recipe was last tested on PmWiki version: 2.1beta9
• This recipe requires at least PmWiki version: any version 2

Sanitised and filtered for showing any file content

Use only if you can trust all wiki editors. Do not use on a public wiki!

No attempt is made to ask for any read authorisation or restrict the file path to uploads/ or other defined directories. You could show content of any file on your system. This could be a good solution for someone wanting to show contents of php files from the cookbook directory for instance.

Place in config.php:

Markup('showsource', 'directives', "/\\(:showsource\\s+(.*?)\\s*?:\\)/",
                                        "ShowSource");
function ShowSource($m) {
  $text = PHSC(file_get_contents($m[1]));
  return "<pre class='escaped'>".Keep($text)."</pre>";}

Use markup (:showsource pathtofile/filename.ext:) i.e. like (:showsource cookbook/newpagebox.php:)
The filepath is relative to the location of your pmwiki script.

HansB December 07, 2007, at 07:00 AM

Solution 2: hardcoded skin template inclusion

In a skin template file, you can use <!--file:path/to/template.html-->.
Code will be interpreted.
This solution is not for showing file content only.

Releases

• 2025-12-01 Simon sanitise html, handle images
• 2025-11-30 Simon more tidy updates after testing, use basename, fix options
• 2025-11-26 Simon update for "/e" modifier, "{}" to "[]", fix undefined variable, replace use of @ with isset, use PHSC, partially sanitise HTML
• ver 0.2 (2007-12-07) IncludeFile_v0.2.phpΔ (rename to includefile.php after download)
  • added version information
  • corrected sorting feature (previously sorting by filename only)
  • extended header option, voiding former header options on and bold
• ver 0.1 (2006-08-01) IncludeFile_v0.1.phpΔ

Notes

See Also

Contributors

• ThomasP

Comments

See discussion at IncludeFile-Talk