Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2018-02-02 19:52:03

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Strange behaviour of <txp:php> inside article body

Hello,

I’m using Textpattern 4.6.2 with php 7.0.27-1~dotdeb+8.1

I recognized a strange behaviour of textpattern when using inside an article a form for <txp:images> with <txp:php> code inside.

Usually pictures are shown in my environment by calling <txp:images id="xyz" form="bilder_thumb" />

bilder_thumb is looking like that:

<txp:mkp_if_amp>

<txp:else />

<a href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'
   target="_blank"
   rel="lightbox"
   title='<txp:image_info type="caption"/>'>
<span itemprop="image" itemscope itemtype="https://schema.org/ImageObject">
    <img class="nofloat" 
         title='<txp:image_info type="caption"/>' 
         alt='<txp:image_info type="alt"/>' 
         src='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" />t<txp:image_info type="ext" />'/>

    <meta itemprop="width" content='<txp:image_info type="w" wraptag="" class="" />'>
    <meta itemprop="height" content='<txp:image_info type="h" wraptag="" class="" />'>
    <link itemprop="url" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'>
    <link itemprop="contentUrl" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" /><txp:image_info type="ext" />'>
    <link itemprop="thumbnailUrl" href='<txp:site_url/><txp:image_info type="name" />__<txp:image_info type="id" />t<txp:image_info type="ext" />'>
    <txp:chh_if_data><meta itemprop="caption" content='<txp:image_info type="caption" wraptag="" class="" />'></txp:chh_if_data>
</span>


</a>
<txp:image_info type="caption" wraptag="span" class="klein zentriert"/>

</txp:mkp_if_amp>

I tried to use PHP-Code to transform the image name to a more common variant like this:


<txp:php>
   $namensteile = pathinfo(image_info(array(type=>"name")));
   echo $namensteile['filename']."__".image_info(array(type=>"id")).".".$namensteile['extension'];
</txp:php> 

And now it’s getting ridiculous. Some articles show the picture, with the right path, but most of them not. So I was looking for a mistake by putting some code on different places of this form like this <!-- <txp:php>echo "Hello world!";</txp:php> --> But the same in most of the articles the PHP-Code is completely ignored and I got only <!-- --> as output. When I put this code outside <txp:body /> everything is fine. In preferences allow_article_php_scripting and allow_page_php_scripting are switched on. Playing around with them brought nothing.

Did I oversee something or is this a bug?

Offline

#2 2018-02-03 11:04:05

etc
Developer
Registered: 2010-11-11
Posts: 5,028
Website GitHub

Re: Strange behaviour of <txp:php> inside article body

Does the articles author have sufficient privileges?

Offline

#3 2018-02-03 11:11:06

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Re: Strange behaviour of <txp:php> inside article body

ah, that should be the point.
I once had installed this old bot_privs plugin to restrict user privileges. The difference in these mentioned articles are between “freelancers” and the “publisher”.

What is the best plugin or way to correct this?

Offline

#4 2018-02-03 11:35:05

etc
Developer
Registered: 2010-11-11
Posts: 5,028
Website GitHub

Re: Strange behaviour of <txp:php> inside article body

Use this code in a form, and not directly in articles, perhaps?

Offline

#5 2018-02-03 11:42:26

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Re: Strange behaviour of <txp:php> inside article body

I use it in a form, that’s why I never thought about privileges. First I used it also in a second special form like this.

<txp:images id="xyz" form="bilder_thumb" />

bilder_thumb called a form named bilder_thumbnail_url with this php code above. And when this showed no results, I started to search for the mistake.

Is “User can insert php in articles” switched off the default behavior?

The documentation says something other:

For example, the Designer role is restricted to those areas of the administration side that may play a role in presentation, including Page templates and Form templates. Such restrictions may seem sufficiently secure on the surface, but if the ‘Allow PHP in pages?’ preference is set to ‘Yes’ in the Preferences panel panel, then a Designer could use PHP in Page templates and/or Form templates in a malicious way to gain administrator-like power and cause problems. Setting the preference to ‘No’ would prevent such a possibility.

I reinstalled this bot_privs plugin, updated it for use in 4.6.2 and tried to reset the privileges, but without success.

Fixed Textile — Uli

Offline

#6 2018-02-03 12:07:40

etc
Developer
Registered: 2010-11-11
Posts: 5,028
Website GitHub

Re: Strange behaviour of <txp:php> inside article body

Ah yes, it looks like <txp:php /> will not work inside an article body without sufficient author privileges, even when called via a form. Not sure how to circumvent this security feature atm :-)

Offline

#7 2018-02-03 12:15:17

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Re: Strange behaviour of <txp:php> inside article body

so it’s not possible to adjust these group rights?
Played around with updated bot_privs and smd_user_manager without success. Hm, it is a pity, because I wanted to have more pretty image file names for SEO.
“this_image_name__id.jpg” instead of “id.jpg”
Now it looks like “this_image_name.jpg__id.jpg” it’s also ok, but not perfect :-D

Offline

#8 2018-02-03 12:45:38

etc
Developer
Registered: 2010-11-11
Posts: 5,028
Website GitHub

Re: Strange behaviour of <txp:php> inside article body

I don’t know how bot_privs works, but you probably need to give article.php privs to authors. At the price of allowing them to run any php code…

Offline

#9 2018-02-03 13:15:33

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Re: Strange behaviour of <txp:php> inside article body

Hm, maybe Bloke can help. He had at least published once smd_user_manager

But beside this, I think it is confusing to allow on the one hand using of php inside articles in the preferences and than to be confronted with the restriction, that this allowance applies only for the site owner and the main editor as far as I understand it.

Offline

#10 2018-02-03 13:43:20

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,578
Website

Re: Strange behaviour of <txp:php> inside article body

Try rah_privileges. I made some updates a while back to get it working again and I think Jukka incorporated them when he briefly resurfaced last year (currently his main site is down).


TXP Builders – finely-crafted code, design and txp

Offline

#11 2018-02-03 14:03:36

whocarez
Plugin Author
From: Germany/Ukraine
Registered: 2007-10-08
Posts: 305
Website GitHub Twitter

Re: Strange behaviour of <txp:php> inside article body

Thanks for this hint. Could install it and tried to change “article.php” for all roles except designers, but without success. Btw I see 69 times something like rah_privileges_10ae9fc7d453b0dd525d0edf2ede7961 with all possible options for rights, just right of it.

Last edited by whocarez (2018-02-03 14:04:09)

Offline

#12 2018-02-03 17:42:56

etc
Developer
Registered: 2010-11-11
Posts: 5,028
Website GitHub

Re: Strange behaviour of <txp:php> inside article body

The plugin type should be 5 (Public+admin+AJAX). It was 4 in the version I have tested, please check.

Offline

Board footer

Powered by FluxBB