Skip to:
Content
Pages
Categories
Search
Top
Bottom

Re: can admin execute php code in post?


zaerl
Participant

@zaerl

<?php
/*
Plugin Name: zaerl Eval PHP
Plugin URI: http://www.zaerl.com
Description: execute PHP code posted by admins
Author: zaerl
Author URI: http://www.zaerl.com
Version: 0.1

zaerl Eval PHP: execute PHP code posted by admins
Copyright (C) 2010 Francesco Bigiarini

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

*/

define('ZA_EP_VERSION', '0.1');
define('ZA_EP_ID', 'za-eval-php');
define('ZA_EP_NAME', 'zaerl Eval PHP');

function za_ep_filter($text)
{
$eval_text = "?>$text";

eval($eval_text);
}

function za_ep_allow_tag($tags)
{
$tags['script'] = array('language' => array());

return $tags;
}

function za_ep_initialize()
{
global $bb_current_user;

if($bb_current_user && $bb_current_user->has_cap('administrate'))
{
add_filter('bb_allowed_tags', 'za_ep_allow_tag');
add_filter('post_text', 'za_ep_filter');
}
}

add_action('bb_init', 'za_ep_initialize');

?>

example: I'm running PHP <script language="PHP">echo phpversion()</script>

Keep in mind that this code isn’t suitable for production environment.

Skip to toolbar