Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Not Solved [How To?] Run PHP script from post (admin only)
#1
Not Solved
Is there a plugin to execute PHP scripts from posts? This should be valid for Admin only, obviously.
Reply
#2
Not Solved
Firstly, why would you want to? Who can post the PHP scripts? Anyone? Do scripts only run if you're an admin?

If anyone can post a PHP script and it gets executed when an admin views it you're asking for trouble. What you really need here is a custom plugin that checks the user group and executes the code of your choice.

PHP scripts run server side, so you don't want to have people being able to execute abritrary code on your server.
Reply
#3
Not Solved
(09-19-2018, 10:30 AM)Tom K. Wrote: Firstly, why would you want to? Who can post the PHP scripts? Anyone? Do scripts only run if you're an admin?

If anyone can post a PHP script and it gets executed when an admin views it you're asking for trouble. What you really need here is a custom plugin that checks the user group and executes the code of your choice.

PHP scripts run server side, so you don't want to have people being able to execute abritrary code on your server.

Ups, sorry, let me elaborate.

What I want to do is using threads (rather than custom .php pages) to host scripts that are executed when anyone views them.

I've already limited all permissions to write so that Admins only can post threads, so they'd be the only one able to do this.

I understand this isn't a common request but I just wanted to know if there's an easy way to do this, considering I'm using the PHP to Templates plugin and it works perfectly for scripts that are placed in custom pages.
Reply
#4
Not Solved
You could attempt to use a MyCode replacement... I know it works for CSS with a MyCode replace, I've never personally tried PHP though.

Regular Expression
\[dophp\](.*?)\[/dophp\]

Replacement
<?php $1 ?>

Testing
[dophp]echo "Hello World!";[/dophp]
> SELECT finger FROM hand WHERE id='3'
Reply
#5
Not Solved
@isoldehn it will not work.
[Image: ZbrcFs]
Reply
#6
Not Solved
(09-19-2018, 02:00 PM)isoldehn Wrote: You could attempt to use a MyCode replacement... I know it works for CSS with a MyCode replace, I've never personally tried PHP though.

MyCode is executed clientside, ergo, won't work for this purpose.
[Image: kAhpvOW.png]
Reply
#7
Not Solved
Even though I agree that it is a huge security risk, particularly if an admin account gets hacked, you would need to hook to the parser. I'm not certain which one of the hooks is the proper one. The ones for the parser are about halfway down the page.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)