php code in article body

hbpattern · 2006-07-13 19:34:17

Hello,

following situation:
1. user = staff_writer
2. in array $txp_permissions …. ‘article.php’ => ’1,2’

When the user creates an new article with ‘leave text untouched’ he can
embed php-code f.e.:

I think it would be a security-problem ?

I don’t want to deactivate php-scripting generally, because I need it.

Is there a solution ?

hbpattern

Mary · 2006-07-13 23:58:34

Turn it off for articles. In admin prefs.

hbpattern · 2006-07-14 06:24:41

ok, I have done this. (php is disabled in articles)

1. “leave text untouched” —> it’s always possible to implement php-code and it’s executed

2. “use textile” —> the whole site is unreachable: Parse error: parse error, unexpected ‘&’ in E:\Programme\xampp\htdocs\textpattern\textpattern\publish.php(934) : eval()’d code on line 59

Mary · 2006-07-14 18:49:02

The error is an error in one of your plugins.

That preference isn’t the one I was talking about. Look under “Advanced”.

Edit: nevermind, I misunderstood some of what you said.

Last edited by Mary (2006-07-14 23:16:06)

zem · 2006-07-14 23:13:04

h,

The allow_page_php_scripting advanced pref will turn this off and fix the problem. (That same setting controls the txp:php tag however, so it will stop working).

I think you’ll find this is fixed in svn. There is now a separate allow_raw_php_scripting preference that controls the ?php ? tag.

Last edited by zem (2006-07-14 23:17:23)

Textpattern CMS

Textpattern CMS support forum

#1 2006-07-13 19:34:17

php code in article body

#2 2006-07-13 23:58:34

Re: php code in article body

#3 2006-07-14 06:24:41

Re: php code in article body

#4 2006-07-14 18:49:02

Re: php code in article body

#5 2006-07-14 23:13:04

Re: php code in article body

Board footer