Commit 0f08d97b authored by webchick's avatar webchick

#124158 by nedjo, jcnventura: Pull all PHP handling into PHP module.

parent 8550540b
......@@ -1908,50 +1908,6 @@ function drupal_map_assoc($array, $function = NULL) {
}
}
/**
* Evaluate a string of PHP code.
*
* This is a wrapper around PHP's eval(). It uses output buffering to capture both
* returned and printed text. Unlike eval(), we require code to be surrounded by
* <?php ?> tags; in other words, we evaluate the code as if it were a stand-alone
* PHP file.
*
* Using this wrapper also ensures that the PHP code which is evaluated can not
* overwrite any variables in the calling code, unlike a regular eval() call.
*
* @param $code
* The code to evaluate.
* @return
* A string containing the printed output of the code, followed by the returned
* output of the code.
*/
function drupal_eval($code) {
global $theme_path, $theme_info, $conf;
// Store current theme path.
$old_theme_path = $theme_path;
// Restore theme_path to the theme, as long as drupal_eval() executes,
// so code evaluated will not see the caller module as the current theme.
// If theme info is not initialized get the path from theme_default.
if (!isset($theme_info)) {
$theme_path = drupal_get_path('theme', $conf['theme_default']);
}
else {
$theme_path = dirname($theme_info->filename);
}
ob_start();
print eval('?>' . $code);
$output = ob_get_contents();
ob_end_clean();
// Recover original theme path.
$theme_path = $old_theme_path;
return $output;
}
/**
* Returns the path to a system item (module, theme, etc.).
*
......
......@@ -190,7 +190,7 @@ function block_admin_configure(&$form_state, $module = NULL, $delta = 0) {
'#collapsed' => TRUE,
);
$access = user_access('use PHP for block visibility');
$access = user_access('use PHP for settings');
if ($edit['visibility'] == 2 && !$access) {
$form['page_vis_settings'] = array();
$form['page_vis_settings']['visibility'] = array('#type' => 'value', '#value' => 2);
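Review bot: The `$access` value tested in `if ($edit['visibility'] == 2 && !$access)` does not take `module_exists('php')` into account, while the option list in the following hunk does. If a role still holds the permission while the PHP module is disabled, a block stored with visibility 2 would presumably be offered radios without the PHP option instead of having its setting preserved as a hidden value. Computing it once as `$access = module_exists('php') && user_access('use PHP for settings');` keeps both checks in agreement, and the later test can stay `if ($access)`. The function body continues outside both hunks, so confirm against the full form builder.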
......@@ -200,7 +200,7 @@ function block_admin_configure(&$form_state, $module = NULL, $delta = 0) {
$options = array(t('Show on every page except the listed pages.'), t('Show on only the listed pages.'));
$description = t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are %blog for the blog page and %blog-wildcard for every personal blog. %front is the front page.", array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>'));
if ($access) {
if (module_exists('php') && $access) {
$options[] = t('Show if the following PHP code returns <code>TRUE</code> (PHP-mode, experts only).');
$description .= ' ' . t('If the PHP-mode is chosen, enter PHP code between %php. Note that executing incorrect PHP-code can break your Drupal site.', array('%php' => '<?php ?>'));
}
......
......@@ -113,10 +113,6 @@ function block_perm() {
'title' => t('Administer blocks'),
'description' => t('Select which blocks are displayed, and arrange them on the page.'),
),
'use PHP for block visibility' => array(
'title' => t('Use PHP for block visibility'),
'description' => t('Enter PHP code in the field for block visibility settings. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
),
);
}
......@@ -608,8 +604,11 @@ function _block_load_blocks() {
// is displayed only on those pages listed in $block->pages.
$page_match = !($block->visibility xor $page_match);
}
elseif (module_exists('php')) {
$page_match = php_eval($block->pages);
}
else {
$page_match = drupal_eval($block->pages);
$page_match = FALSE;
}
}
else {
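Review bot: The new `else` branch that sets `$page_match = FALSE` carries no comment, so a reader cannot tell that hiding PHP-visibility blocks when the PHP module is absent is deliberate. Failing closed is the safe choice, since the stored code in `$block->pages` is then never evaluated; I would say so above the assignment, e.g. `// PHP module disabled: never evaluate stored code, hide the block instead.` Separately, `php_eval()` is documented as returning a string, so `$page_match` depends on string truthiness; `$page_match = (bool) php_eval($block->pages);` would make that explicit. The enclosing function starts and ends outside this hunk.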
......
......@@ -21,6 +21,62 @@ function php_help($path, $arg) {
}
}
/**
* Implementation of hook_perm().
*/
function php_perm() {
return array(
'use PHP for settings' => array(
'title' => t('Use PHP for settings'),
'description' => t('Enter PHP in settings fields where PHP is allowed. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
),
);
}
/**
* Evaluate a string of PHP code.
*
* This is a wrapper around PHP's eval(). It uses output buffering to capture both
* returned and printed text. Unlike eval(), we require code to be surrounded by
* <?php ?> tags; in other words, we evaluate the code as if it were a stand-alone
* PHP file.
*
* Using this wrapper also ensures that the PHP code which is evaluated can not
* overwrite any variables in the calling code, unlike a regular eval() call.
*
* @param $code
* The code to evaluate.
* @return
* A string containing the printed output of the code, followed by the returned
* output of the code.
*/
function php_eval($code) {
global $theme_path, $theme_info, $conf;
// Store current theme path.
$old_theme_path = $theme_path;
// Restore theme_path to the theme, as long as php_eval() executes,
// so code evaluated will not see the caller module as the current theme.
// If theme info is not initialized get the path from theme_default.
if (!isset($theme_info)) {
$theme_path = drupal_get_path('theme', $conf['theme_default']);
}
else {
$theme_path = dirname($theme_info->filename);
}
ob_start();
print eval('?>' . $code);
$output = ob_get_contents();
ob_end_clean();
// Recover original theme path.
$theme_path = $old_theme_path;
return $output;
}
/**
* Implementation of hook_filter_tips().
*/
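Review bot: The docblock of `php_eval()` promises that evaluated code cannot overwrite variables in the calling code, but the `eval()` runs inside the function's own scope after `global $theme_path, $theme_info, $conf;`. The code can therefore write to those three globals and to the local `$old_theme_path` used for the restore, and only `$theme_path` is put back afterwards. I would narrow the docblock claim to the caller's local variables and add a sentence that the code runs with the full privileges of the site, so the text does not read as a sandbox guarantee. It is also worth a comment that `ob_end_clean()` and the `$theme_path` restore are skipped if the evaluated code throws or exits.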
......@@ -79,7 +135,7 @@ function php_filter($op, $delta = 0, $format = -1, $text = '') {
case 'description':
return t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!');
case 'process':
return drupal_eval($text);
return php_eval($text);
default:
return $text;
}
......
......@@ -3429,6 +3429,15 @@ function system_update_7022() {
return $ret;
}
/**
* Change the PHP for settings permission.
*/
function system_update_7023() {
$ret = array();
$ret[] = update_sql("UPDATE {role_permission} SET permission = 'use PHP for settings' WHERE permission = 'use PHP for block visibility'");
return $ret;
}
/**
* @} End of "defgroup updates-6.x-to-7.x"
* The next series of updates should start at 8000.
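Review bot: The docblock on `system_update_7023()` says only "Change the PHP for settings permission", which hides that the `UPDATE` turns a block-visibility grant into the broader 'use PHP for settings' permission for every role that held it. Judging by the `php_perm()` description, the new permission covers any settings field where PHP is allowed, so this is a privilege change and not just a rename. I would spell that out, e.g. `* Rename 'use PHP for block visibility' to 'use PHP for settings'; affected roles gain PHP entry in all settings fields that allow it.` A line in the upgrade notes asking administrators to review which roles hold the permission would help too.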
......