MyBB Community Forums

Full Version: Run PHP script from post (admin only)
Is there a plugin to execute PHP scripts from posts? This should be valid for Admin only, obviously.
Firstly, why would you want to? Who can post the PHP scripts? Anyone? Do scripts only run if you're an admin?

If anyone can post a PHP script and it gets executed when an admin views it, you're asking for trouble. What you really need here is a custom plugin that checks the user group and executes the code of your choice.

PHP scripts run server side, so you don't want to have people being able to execute arbitrary code on your server.
(2018-09-19, 10:30 AM)Tom K. Wrote: [ -> ]Firstly, why would you want to? Who can post the PHP scripts? Anyone? Do scripts only run if you're an admin?

If anyone can post a PHP script and it gets executed when an admin views it, you're asking for trouble. What you really need here is a custom plugin that checks the user group and executes the code of your choice.

PHP scripts run server side, so you don't want to have people being able to execute arbitrary code on your server.

Oops, sorry, let me elaborate.

What I want to do is use threads (rather than custom .php pages) to host scripts that are executed when anyone views them.

I've already limited all write permissions so that only Admins can post threads, so they'd be the only ones able to do this.

I understand this isn't a common request but I just wanted to know if there's an easy way to do this, considering I'm using the PHP to Templates plugin and it works perfectly for scripts that are placed in custom pages.
You could attempt to use a MyCode replacement... I know it works for CSS with a MyCode replace, I've never personally tried PHP though.

Regular Expression
\[dophp\](.*?)\[/dophp\]

Replacement
<?php $1 ?>

Testing
[dophp]echo "Hello World!";[/dophp]
@isoldehn it will not work.
(2018-09-19, 02:00 PM)isoldehn Wrote: [ -> ]You could attempt to use a MyCode replacement... I know it works for CSS with a MyCode replace, I've never personally tried PHP though.

MyCode is executed client-side, ergo, won't work for this purpose.
Even though I agree that it is a huge security risk, particularly if an admin account gets hacked, you would need to hook to the parser. I'm not certain which one of the hooks is the proper one. The ones for the parser are about halfway down the page.
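
Added example, not part of any post in this thread and not MyBB code: it models the suggested `[dophp]` MyCode as a plain regex substitution (an assumption that simplifies MyBB's parser) to show that the replacement only produces text, then sketches the "code of your choice" alternative, where a post can only name a routine that already lives on the server. The `[run=...]` tag, the routine names, and the `$authorIsAdmin` flag are hypothetical.

```php
<?php
// Constructed sample post body, using the tag proposed in the thread.
$post = 'Intro [dophp]echo "Hello World!";[/dophp] outro';

// 1) The suggested replacement builds a string; nothing evaluates it as PHP.
function render_mycode(string $message): string
{
    return preg_replace('#\[dophp\](.*?)\[/dophp\]#s', '<?php $1 ?>', $message);
}

// 2) Alternative: post content selects a routine by name and never supplies code.
// Hypothetical allowlist; names and bodies are illustrative.
function routines(): array
{
    return [
        'server_date'  => fn(): string => gmdate('Y-m-d'),
        'member_count' => fn(): string => '1234', // constructed value
    ];
}

function render_routines(string $message, bool $authorIsAdmin): string
{
    return preg_replace_callback(
        '#\[run=([a-z_]{1,32})\]#',
        function (array $m) use ($authorIsAdmin): string {
            $table = routines();
            // Unknown name or non-admin author: the tag stays as escaped text.
            if (!$authorIsAdmin || !isset($table[$m[1]])) {
                return htmlspecialchars($m[0], ENT_QUOTES, 'UTF-8');
            }
            // Routine output is escaped too, so it cannot inject markup.
            return htmlspecialchars($table[$m[1]](), ENT_QUOTES, 'UTF-8');
        },
        $message
    );
}

$out = render_mycode($post);
// Checks that the tag became literal text in the page output.
var_dump(strpos($out, '<?php echo "Hello World!"; ?>') !== false);

// An allowlisted name is rendered; an unlisted name is left untouched.
echo render_routines('Today: [run=server_date] [run=drop_tables]', true), "\n";
// The same tag from a non-admin author is not rendered.
echo render_routines('Today: [run=server_date]', false), "\n";
```

With this design a compromised admin account can only trigger routines that were already deployed, rather than run new code on the server.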