Textpattern CMS support forum

#1 2012-04-02 13:06:59

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 238

php code issue in form

Hey,

I’m stuck with a <txp:php> -> Textpattern Notice: php_code_forbidden_user issue.

I wrote a pair of php code lines in a form called by an article.
Everything works fine on my development site.

On the production site Textpattern is throwing the above error (if production status is on test). I’ve checked:
  1. textile in article is off: OK
  2. php code is allowed in article: OK

Has anything about php code changed between 4.4.0 (dev site) and 4.4.1 (production site)?
If someone can give me a hint on what to look for, that would be perfect!

#2 2012-04-02 13:51:09

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564

Re: php code issue in form

How about pref for allow php in pages? Is that on too?

Since the php is not directly in the article (it’s in a form) then that might be it.

Last edited by philwareham (2012-04-02 13:52:34)

#3 2012-04-02 13:57:38

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 238

Re: php code issue in form

Yes, everything is set to allow php except for raw php in article :(

#4 2012-04-02 15:04:33

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533

Re: php code issue in form

planeth wrote:

I’m stuck with a <txp:php> -> Textpattern Notice: php_code_forbidden_user issue.

That error notice indicates that you have enabled PHP support correctly. That’s good. What the message is actually indicating is that the article’s author doesn’t have rights to use PHP, or as in this case, cause PHP execution.

Only Publishers and Managing Editors can create articles that contain PHP code, and can use article forms that contain PHP or include items that call PHP code. As the code is inside the article form, it’s prevented from executing for security reasons. If code is inside excerpt, body, or custom field (or a child of one), it’s prevented from executing for security reasons.

Make sure that the users that have created the article(s) are indeed either Publishers or Managing Editors. Unfortunately, you can’t use PHP code in article assets if you wish to allow users with lesser permissions to be able to post articles using the same resources — not without altering and loosening permissions.

Although, you could convert your PHP code into a plugin and a tag (by simply wrapping it into a function etc) or if the PHP code doesn’t use particular article data, you could execute that same old PHP block outside the article content and return the output to a variable — then using the variable in the form.

Edit: corrected and made the information a bit more clear. The limitation is not about article form, but only the tags body, excerpt and custom_field.

Last edited by Gocom (2012-04-02 20:13:43)

#5 2012-04-02 15:11:49

uli
Moderator
From: Cologne
Registered: 2006-08-15
Posts: 4,315

Re: php code issue in form

Gocom wrote:

Unfortunately, you can’t use PHP code in article forms if you wish to allow users with lesser permissions to be able to post articles using the same article form — not without altering and loosening permissions.

Could this be circumvented by placing the PHP in an external resource like an output_form or mck_snippet (permissions down to writers AFAICR)?

Edit: Ah, I see you provided a solution in the meantime!

Last edited by uli (2012-04-02 15:12:45)


In bad weather I never leave home without wet_plugout, smd_where_used and adi_form_links

#6 2012-04-02 15:43:46

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 238

Re: php code issue in form

Thanks for all the explanation.

However, I checked the owner of the article, who is publisher, and even changed it to myself (admin). To no avail …
Plus, it was not very clear in my first post, but in fact the php code is inside an output_form.

Anyway, I will now try to output to a variable instead of echoing directly from the output_form.

Coming back after one more check.
In fact, putting the code in output_form works only if the owner of the article is admin, not if she is publisher …

Last edited by planeth (2012-04-02 15:47:50)

#7 2012-04-02 15:46:49

MattD
Plugin Author
From: Monterey, California
Registered: 2008-03-21
Posts: 1,254

Re: php code issue in form

Could smd_macros help get around this?


My Plugins

Piwik Dashboard, Google Analytics Dashboard, Minibar, Article Image Colorpicker, Admin Datepicker, Admin Google Map, Admin Colorpicker

#8 2012-04-02 20:08:20

Gocom
Developer Emeritus
From: Helsinki, Finland
Registered: 2006-07-14
Posts: 4,533

Re: php code issue in form

planeth wrote:

code in output_form works only

There are no limitations on what is in an output_form or is saved in a form. The limitation is based on the context where the code is, or in this case where the output_form tag is. My previous post is slightly misleading; it’s not entirely about article form, but the code is subject to article limitations when it’s a child of an excerpt, body or custom_field node (parent of an article — also it being nested inside an article body counts).

If you have strange issues, make sure that there are no broken tags, or that no plugins are causing conflicts, for example by altering the $is_article_body global variable.

is admin, not if she is publisher …

There is no user-group called admin. The limitations (as with most permissions limitations in general, except a few) are based on the actual user-group the user is in. The php tag uses the privileges option labeled article.php, which by default is set to allow user-groups 1 and 2 (Publisher, Managing Editor).

Last edited by Gocom (2012-04-02 20:15:30)

Offline
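
The rule described in posts #4 and #8, written out as a stand-alone PHP model. This is an added example, not part of the thread and not Textpattern's source: `php_gate`, `ARTICLE_PHP_GROUPS`, the preference keys and every refusal label other than `php_code_forbidden_user` are assumed names, and group 3 stands for any group outside the default list.

```php
<?php
// Added illustration: hypothetical names throughout, not Textpattern code.

// Default holders of the article.php privilege, per the thread:
// user-groups 1 (Publisher) and 2 (Managing Editor).
const ARTICLE_PHP_GROUPS = [1, 2];

/**
 * Decide whether a <txp:php> block may run.
 *
 * @param bool  $inArticleContext true when the tag is a descendant of body,
 *                                excerpt or custom_field, directly or through
 *                                a form pulled in from there
 * @param array $prefs            'page_php' / 'article_php' site preferences
 * @param int   $authorGroup      user-group of the article's AUTHOR, not the visitor
 * @return string 'run', or a label naming the reason for refusal
 */
function php_gate(bool $inArticleContext, array $prefs, int $authorGroup): string
{
    if (!$inArticleContext) {
        // Page templates and forms rendered outside article content:
        // only the site-wide page preference applies.
        return !empty($prefs['page_php']) ? 'run' : 'disabled_for_pages';
    }
    if (empty($prefs['article_php'])) {
        return 'disabled_for_articles';
    }
    // Where the code is stored is irrelevant; the article author's group decides.
    return in_array($authorGroup, ARTICLE_PHP_GROUPS, true)
        ? 'run'
        : 'php_code_forbidden_user';
}

// Constructed cases covering each branch of the gate.
$prefs = ['page_php' => true, 'article_php' => true];
$cases = [
    'output_form called from article body, author in group 1' => [true, $prefs, 1],
    'output_form called from article body, author in group 3' => [true, $prefs, 3],
    'same output_form called from a page template'            => [false, $prefs, 3],
    'article body, article PHP preference off'                => [true, ['page_php' => true], 1],
];
foreach ($cases as $label => [$ctx, $p, $group]) {
    printf("%-58s => %s\n", $label, php_gate($ctx, $p, $group));
}
```

The second and third cases use the same stored form and the same author; only the calling context differs, which is why moving the PHP out of the article content changes the outcome.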

#9 2012-04-03 06:27:21

planeth
Plugin Author
From: Nantes, France
Registered: 2009-03-19
Posts: 238

Re: php code issue in form

Thanks Jukka for all your clarifications.
I did check for broken tags, but this site is running MLP. Could this be an issue about altering $is_article_body?

There is no user-group called admin.

My bad! Due to “publisher” being translated as “administrateur” in French!

What I understood from my tests is that you can only use php in output_form (called by an article) if the owner of said article has privileges for article.php, which it appears in my case happens only for Publisher and not Managing Editor.
