Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Strange behaviour of <txp:php> inside article body
Hello,
I’m using Textpattern 4.6.2 with php 7.0.27-1~dotdeb+8.1
I recognized a strange behaviour of textpattern when using inside an article a form for <txp:images>
with <txp:php>
code inside.
Usually pictures are shown in my environment by calling <txp:images id="xyz" form="bilder_thumb" />
bilder_thumb
is looking like that:
<txp:mkp_if_amp>
<txp:else />
<a href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'
target="_blank"
rel="lightbox"
title='<txp:image_info type="caption"/>'>
<span itemprop="image" itemscope itemtype="https://schema.org/ImageObject">
<img class="nofloat"
title='<txp:image_info type="caption"/>'
alt='<txp:image_info type="alt"/>'
src='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" />t<txp:image_info type="ext" />'/>
<meta itemprop="width" content='<txp:image_info type="w" wraptag="" class="" />'>
<meta itemprop="height" content='<txp:image_info type="h" wraptag="" class="" />'>
<link itemprop="url" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'>
<link itemprop="contentUrl" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'>
<link itemprop="thumbnailUrl" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" />t<txp:image_info type="ext" />'>
<txp:chh_if_data><meta itemprop="caption" content='<txp:image_info type="caption" wraptag="" class="" />'></txp:chh_if_data>
</span>
</a>
<txp:image_info type="caption" wraptag="span" class="klein zentriert"/>
</txp:mkp_if_amp>
I tried to use PHP-Code to transform the image name to a more common variant like this:
<txp:php>
$namensteile = pathinfo(image_info(array(type=>"name")));
echo $namensteile['filename']."__".image_info(array(type=>"id")).".".$namensteile['extension'];
</txp:php>
And now it’s getting ridiculous. Some articles show the picture, with the right path, but most of them not. So I was looking for a mistake by putting some code on different places of this form like this <!-- <txp:php>echo "Hello world!";</txp:php> -->
But the same in most of the articles the PHP-Code is completely ignored and I got only <!-- -->
as output. When I put this code outside <txp:body /> everything is fine. In preferences allow_article_php_scripting and allow_page_php_scripting are switched on. Playing around with them brought nothing.
Did I oversee something or is this a bug?
Offline
Re: Strange behaviour of <txp:php> inside article body
Does the articles author have sufficient privileges?
Offline
Re: Strange behaviour of <txp:php> inside article body
ah, that should be the point.
I once had installed this old bot_privs plugin to restrict user privileges. The difference in these mentioned articles are between “freelancers” and the “publisher”.
What is the best plugin or way to correct this?
Offline
Re: Strange behaviour of <txp:php> inside article body
Use this code in a form, and not directly in articles, perhaps?
Offline
Re: Strange behaviour of <txp:php> inside article body
I use it in a form, that’s why I never thought about privileges. First I used it also in a second special form like this.
<txp:images id="xyz" form="bilder_thumb" />
bilder_thumb
called a form named bilder_thumbnail_url
with this php code above. And when this showed no results, I started to search for the mistake.
Is “User can insert php in articles” switched off the default behavior?
The documentation says something other:
For example, the Designer role is restricted to those areas of the administration side that may play a role in presentation, including Page templates and Form templates. Such restrictions may seem sufficiently secure on the surface, but if the ‘Allow PHP in pages?’ preference is set to ‘Yes’ in the Preferences panel panel, then a Designer could use PHP in Page templates and/or Form templates in a malicious way to gain administrator-like power and cause problems. Setting the preference to ‘No’ would prevent such a possibility.
I reinstalled this bot_privs plugin, updated it for use in 4.6.2 and tried to reset the privileges, but without success.
Fixed Textile — Uli
Offline
Re: Strange behaviour of <txp:php> inside article body
Ah yes, it looks like <txp:php />
will not work inside an article body without sufficient author privileges, even when called via a form. Not sure how to circumvent this security feature atm :-)
Offline
Re: Strange behaviour of <txp:php> inside article body
so it’s not possible to adjust these group rights?
Played around with updated bot_privs and smd_user_manager without success. Hm, it is a pity, because I wanted to have more pretty image file names for SEO.
“this_image_name__id.jpg” instead of “id.jpg”
Now it looks like “this_image_name.jpg__id.jpg” it’s also ok, but not perfect :-D
Offline
Re: Strange behaviour of <txp:php> inside article body
I don’t know how bot_privs
works, but you probably need to give article.php
privs to authors. At the price of allowing them to run any php code…
Offline
Re: Strange behaviour of <txp:php> inside article body
Hm, maybe Bloke can help. He had at least published once smd_user_manager
But beside this, I think it is confusing to allow on the one hand using of php inside articles in the preferences and than to be confronted with the restriction, that this allowance applies only for the site owner and the main editor as far as I understand it.
Offline
Re: Strange behaviour of <txp:php> inside article body
Try rah_privileges. I made some updates a while back to get it working again and I think Jukka incorporated them when he briefly resurfaced last year (currently his main site is down).
TXP Builders – finely-crafted code, design and txp
Offline
Re: Strange behaviour of <txp:php> inside article body
Thanks for this hint. Could install it and tried to change “article.php” for all roles except designers, but without success. Btw I see 69 times something like rah_privileges_10ae9fc7d453b0dd525d0edf2ede7961
with all possible options for rights, just right of it.
Last edited by whocarez (2018-02-03 14:04:09)
Offline
Re: Strange behaviour of <txp:php> inside article body
The plugin type
should be 5
(Public+admin+AJAX). It was 4
in the version I have tested, please check.
Offline