Re: can admin execute php code in post?
<?php
/*
Plugin Name: zaerl Eval PHP
Plugin URI: http://www.zaerl.com
Description: execute PHP code posted by admins
Author: zaerl
Author URI: http://www.zaerl.com
Version: 0.1
zaerl Eval PHP: execute PHP code posted by admins
Copyright (C) 2010 Francesco Bigiarini
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
define('ZA_EP_VERSION', '0.1');
define('ZA_EP_ID', 'za-eval-php');
define('ZA_EP_NAME', 'zaerl Eval PHP');
function za_ep_filter($text)
{
$eval_text = "?>$text";
eval($eval_text);
}
function za_ep_allow_tag($tags)
{
$tags['script'] = array('language' => array());
return $tags;
}
function za_ep_initialize()
{
global $bb_current_user;
if($bb_current_user && $bb_current_user->has_cap('administrate'))
{
add_filter('bb_allowed_tags', 'za_ep_allow_tag');
add_filter('post_text', 'za_ep_filter');
}
}
add_action('bb_init', 'za_ep_initialize');
?>
example: I'm running PHP <script language="PHP">echo phpversion()</script>
Keep in mind that this code isn’t suitable for production environment.