Commit 7eb4b0c1 authored by lussoluca's avatar lussoluca Committed by lussoluca

Issue #3005475 by lussoluca: Remove Execute PHP feature

parent 86e3b8f4
......@@ -18,7 +18,6 @@ INTRODUCTION
Devel module contains helper functions and pages for Drupal developers and
inquisitive admins:
- A block for running custom PHP on a page
- A block for quickly accessing devel pages
- A block for masquerading as other users (useful for testing)
- A mail-system class which redirects outbound email to files
......
......@@ -2,7 +2,6 @@ toolbar_items:
- 'devel.admin_settings_link'
- 'devel.cache_clear'
- 'devel.container_info.service'
- 'devel.execute_php'
- 'devel.menu_rebuild'
- 'devel.reinstall'
- 'devel.route_info'
......
......@@ -46,10 +46,6 @@ devel.phpinfo:
title: 'PHPinfo()'
route_name: system.php
menu_name: devel
devel.execute_php:
title: 'Execute PHP'
route_name: devel.execute_php
menu_name: devel
devel.session:
title: 'View Session'
route_name: devel.session
......
......@@ -3,11 +3,6 @@ access devel information:
title: 'Access developer information'
restrict access: TRUE
execute php code:
title: 'Execute PHP code'
description: 'Run arbitrary PHP from a block.'
restrict access: TRUE
switch users:
title: 'Switch users'
description: 'Become any user on the site with just a click.'
......
......@@ -96,16 +96,6 @@ devel.field_info_page:
requirements:
_permission: 'access devel information'
devel.execute_php:
path: '/devel/php'
defaults:
_form: '\Drupal\devel\Form\ExecutePHP'
_title: 'Execute PHP code'
options:
_admin_route: TRUE
requirements:
_permission: 'execute php code'
devel.session:
path: '/devel/session'
defaults:
......
<?php
namespace Drupal\devel\Form;
use Drupal\Core\Form\FormBase;
use Drupal\Core\Form\FormStateInterface;
/**
* Defines a form that allows privileged users to execute arbitrary PHP code.
*/
class ExecutePHP extends FormBase {
/**
* {@inheritdoc}
*/
public function getFormId() {
return 'devel_execute_form';
}
/**
* {@inheritdoc}
*/
public function buildForm(array $form, FormStateInterface $form_state) {
$form = array(
'#title' => $this->t('Execute PHP Code'),
'#description' => $this->t('Execute some PHP code'),
);
$form['execute']['code'] = array(
'#type' => 'textarea',
'#title' => t('PHP code to execute'),
'#description' => t('Enter some code. Do not use <code>&lt;?php ?&gt;</code> tags.'),
'#default_value' => (isset($_SESSION['devel_execute_code']) ? $_SESSION['devel_execute_code'] : ''),
'#rows' => 20,
);
$form['execute']['actions'] = ['#type' => 'actions'];
$form['execute']['actions']['op'] = [
'#type' => 'submit',
'#value' => t('Execute'),
];
$form['#redirect'] = FALSE;
if (isset($_SESSION['devel_execute_code'])) {
unset($_SESSION['devel_execute_code']);
}
return $form;
}
/**
* {@inheritdoc}
*/
public function submitForm(array &$form, FormStateInterface $form_state) {
ob_start();
$code = $form_state->getValue('code');
print eval($code);
$_SESSION['devel_execute_code'] = $code;
dpm(ob_get_clean());
}
}
<?php
namespace Drupal\devel\Plugin\Block;
use Drupal\Core\Access\AccessResult;
use Drupal\Core\Block\BlockBase;
use Drupal\Core\Session\AccountInterface;
/**
* Provides a block for executing PHP code.
*
* @Block(
* id = "devel_execute_php",
* admin_label = @Translation("Execute PHP")
* )
*/
class DevelExecutePHP extends BlockBase {
/**
* {@inheritdoc}
*/
protected function blockAccess(AccountInterface $account) {
return AccessResult::allowedIfHasPermission($account, 'execute php code');
}
/**
* {@inheritdoc}
*/
public function build() {
return \Drupal::formBuilder()->getForm('Drupal\devel\Form\ExecutePHP');
}
}
......@@ -40,7 +40,6 @@ class DevelToolbarTest extends BrowserTestBase {
'devel.cache_clear',
'devel.container_info.service',
'devel.admin_settings_link',
'devel.execute_php',
'devel.menu_rebuild',
'devel.reinstall',
'devel.route_info',
......@@ -59,7 +58,6 @@ class DevelToolbarTest extends BrowserTestBase {
$this->develUser = $this->drupalCreateUser([
'administer site configuration',
'access devel information',
'execute php code',
'access toolbar',
]);
$this->toolbarUser = $this->drupalCreateUser([
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment