Skip to:
Content
Pages
Categories
Search
Top
Bottom

can admin execute php code in post?

Viewing 25 replies - 1 through 25 (of 27 total)
  • @kevinjohngallagher

    Member

    Yes

    @pagal

    Participant

    how? and will this work with bbPages?

    @chrishajer

    Participant

    There was an old plugin from _ck_ “Admin can post anything”:

    https://bbpress.org/plugins/topic/admin-can-post-anything/

    You can try it will bbPages and see if it works. I’ve never used that plugin. I do use the “Admin can post anything” plugin.

    @pagal

    Participant

    @Cris, you should definitely use this plugin, it just allow javascript and flash video embed, not php code in post!

    hope _ck_ will write more about it in this topic,


    @kevinjohngallagher
    where are you man :)

    help me, help you

    @chrishajer

    Participant

    I guess I never tried to include PHP in a bbPress reply, but maybe I was mislead by the “anything” in the plugin name. Maybe PHP is not added soon enough to actually be executed by the web server.

    What are you trying to do exactly?

    @_ck_

    Participant

    @pagal

    Participant

    _ck_ nope, I don’t want to highlight the php code, actually I want to execute php stuff!,

    If I write <?php echo 5+5 ?> in post form, then result should show 10, Hope it clear now.

    Thanks

    @mr_pelle

    Participant

    Maybe PHP is not added soon enough to actually be executed by the web server.

    This is what happens in WordPress, I suppose the same is valid here.

    @pagal

    Participant

    @kevinjohngallagher

    Member


    @kevinjohngallagher
    where are you man :)

    help me, help you

    Pagal,

    In order for us to help, we’d really like to know in what situation you’d use this in. Can you give us an example where you would actually use this?

    Respectfully, in the past you’ve asked for something vague, and it takes us about 2-3 days to get a real example of how you would use it, and then we solve it or you write:

    bbpress sucks,

    why you people did not shut down this software..if you are not able to do anything???????????????????????????????

    https://bbpress.org/forums/topic/extra-dropdown-field-in-registration-page#post-70307

    Throws us some examples, and we’ll try to help :)

    @pagal

    Participant

    O My God, Come one man, grow up, leave this topic, I was really tense in that day….

    And Really sorry to all for these words!

    Happy now? :-)

    @ashfame

    Participant

    lolz but you still didn’t tell us that how will you actually use it

    @kevinjohngallagher

    Member

    In order for us to help, we’d really like to know in what situation you’d use this in. Can you give us an example where you would actually use this?

    @_ck_

    Participant

    I think part of the problem here is the spoken language barrier.

    But beyond that is the problem of understanding what a huge security risk it is to run PHP dynamically inside posts.

    It requires the use of EVAL which can be VERY dangerous and should be avoided when possible.

    @pagal

    Participant

    @kevinjohngallagher, well actually, I want to use it in bbPages to create, contact page, feed back forms and other stuff.. I was avoiding to create static pages like this

    @_ck_ in other words, it is not possible?

    @mr_pelle like support forum , why not update this plugin with extra features of bbPages the author of this plugin is no more active in this forum.

    @kevinjohngallagher

    Member

    I want to use it in bbPages to create, contact page, feed back forms and other stuff.. I was avoiding to create static pages like this

    OK, cool.

    While it might be possible, its not likely. Its not what bbPress was designed for. It’s not a Content Management System.

    In honesty, if you want that sort of functionality, WordPress side by side with a bbPress forum is the best way forward.

    @mr_pelle

    Participant

    @mr_pelle like support forum , why not update this plugin with extra features of bbPages the author of this plugin is no more active in this forum.

    I do not see how bbPages would be related to Support Forum(s)…

    @ishan786

    Member

    yes. it can possible and easily found in net.

    @kevinjohngallagher

    Member

    I’m going to go no record an suggest thats the best bit of spam i’ve read in a while. Reading via RSS I thought, why is _ck_ repeating herself?

    @zaerl

    Participant

    can be VERY dangerous and should be avoided when possible.

    Indeed but the title is Admin can paste PHP code in post.

    @pagal

    Participant

    Title should be “Can Admin execute php code in post?”, apologize.

    @zaerl

    Participant
    <?php
    /*
    Plugin Name: zaerl Eval PHP
    Plugin URI: http://www.zaerl.com
    Description: execute PHP code posted by admins
    Author: zaerl
    Author URI: http://www.zaerl.com
    Version: 0.1

    zaerl Eval PHP: execute PHP code posted by admins
    Copyright (C) 2010 Francesco Bigiarini

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

    */

    define('ZA_EP_VERSION', '0.1');
    define('ZA_EP_ID', 'za-eval-php');
    define('ZA_EP_NAME', 'zaerl Eval PHP');

    function za_ep_filter($text)
    {
    $eval_text = "?>$text";

    eval($eval_text);
    }

    function za_ep_allow_tag($tags)
    {
    $tags['script'] = array('language' => array());

    return $tags;
    }

    function za_ep_initialize()
    {
    global $bb_current_user;

    if($bb_current_user && $bb_current_user->has_cap('administrate'))
    {
    add_filter('bb_allowed_tags', 'za_ep_allow_tag');
    add_filter('post_text', 'za_ep_filter');
    }
    }

    add_action('bb_init', 'za_ep_initialize');

    ?>

    example: I'm running PHP <script language="PHP">echo phpversion()</script>

    Keep in mind that this code isn’t suitable for production environment.

    @zaerl

    Participant

    Ops, substitute za_ep_filter with:

    function za_ep_filter($text)
    {
    $eval_text = "?>$text";

    ob_start();
    eval($eval_text);

    $ret = ob_get_contents();
    ob_end_clean();

    return $ret;
    }

    @pagal

    Participant

    Really thanks zaerl,

    please also give an example how to write complete php code to execute with this plugin

    Parse error: syntax error, unexpected '>' in /my-site-path/my-plugins/zaerl-Eval-PHP.php(37) : eval()'d code on line 1

    @pagal

    Participant

    WoW That Works

    example to execute code

    <script language="PHP">

    echo

    php code here without <?php and ?>

    </script>

    Thanks zaerl, you are really a smart person,

    Keep in mind that this code isn’t suitable for production environment.

    Can you please explain what do you mean about production environment?

    Thanks Again,

    Cheers

Viewing 25 replies - 1 through 25 (of 27 total)
  • You must be logged in to reply to this topic.
Skip to toolbar