Added a Config Option to disable the PHP parse check on save of page

For #1038. Added staticpage config option 'enable_eval_php_save'
Geeklog-Core · Mar 17, 2020 · f3bef1b · f3bef1b
1 parent 46fa96c
commit f3bef1b
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 5 deletions.
diff --git a/plugins/staticpages/functions.inc b/plugins/staticpages/functions.inc
@@ -1744,6 +1744,8 @@ function plugin_upgrade_staticpages()
                 break;
 
             case '1.7.1':
+                staticpages_update_ConfValues_1_7_2();
+
                 $current_version = '1.7.2';
                 break;
 

diff --git a/plugins/staticpages/install_defaults.php b/plugins/staticpages/install_defaults.php
@@ -55,7 +55,7 @@
 
 // If you don't plan on using PHP code in static pages, you should set this
 // to 0, thus disabling the execution of PHP.
-$_SP_DEFAULT['allow_php'] = 1;
+$_SP_DEFAULT['allow_php'] = 0;
 
 // If you have more than one static page that is to be displayed in Geeklog's
 // center area, you can specify how to sort them:
@@ -81,6 +81,9 @@
  */
 $_SP_DEFAULT['aftersave'] = 'list';
 
+// When PHP included in page on save it will be parsed for errors (= 1) (if PHP 7+)
+$_SP_DEFAULT['enable_eval_php_save'] = 0;
+
 // Static pages can optionally be wrapped in a block. This setting defines
 // the default for that option (1 = wrap in a block, 0 = don't).
 $_SP_DEFAULT['in_block'] = 1;
@@ -178,6 +181,8 @@ function plugin_initconfig_staticpages()
         $c->add('fs_main', NULL, 'fieldset', 0, 0, NULL, 0, true, 'staticpages', 0);
         $c->add('allow_php', $_SP_DEFAULT['allow_php'], 'select',
                 0, 0, 0, 10, true, 'staticpages', 0);
+        $c->add('enable_eval_php_save', $_SP_DEFAULT['enable_eval_php_save'], 'select',
+            0, 0, 0, 15, true, 'staticpages', 0);
         $c->add('sort_by', $_SP_DEFAULT['sort_by'], 'select',
                 0, 0, 2, 20, true, 'staticpages', 0);
         $c->add('sort_menu_by', $_SP_DEFAULT['sort_menu_by'], 'select',

diff --git a/plugins/staticpages/install_updates.php b/plugins/staticpages/install_updates.php
@@ -177,3 +177,17 @@ function staticpages_addStructuredDataSecurityRight_1_7_1()
         DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$featureId}, {$staticPageAdminId}) ");
     }
 }
+
+function staticpages_update_ConfValues_1_7_2()
+{
+    global $_CONF, $_TABLES, $_SP_DEFAULT;
+
+    $c = config::get_instance();
+
+    require_once $_CONF['path'] . 'plugins/staticpages/install_defaults.php';
+
+    // Parse any PHP for errors included in page, on save of page
+    $c->add('enable_eval_php_save', $_SP_DEFAULT['enable_eval_php_save'], 'select', 0, 0, 0, 15, true, 'staticpages', 0);
+
+    return true;
+}
diff --git a/plugins/staticpages/language/english.php b/plugins/staticpages/language/english.php
@@ -157,6 +157,7 @@
 
 $LANG_confignames['staticpages'] = array(
     'allow_php' => 'Allow PHP?',
+    'enable_eval_php_save' => 'Parse PHP on Save of Page',
     'sort_by' => 'Sort Centerblocks by',
     'sort_menu_by' => 'Sort Menu Entries by',
     'sort_list_by' => 'Sort Admin List by',

diff --git a/plugins/staticpages/language/english_utf-8.php b/plugins/staticpages/language/english_utf-8.php
@@ -157,6 +157,7 @@
 
 $LANG_confignames['staticpages'] = array(
     'allow_php' => 'Allow PHP?',
+    'enable_eval_php_save' => 'Parse PHP on Save of Page',
     'sort_by' => 'Sort Centerblocks by',
     'sort_menu_by' => 'Sort Menu Entries by',
     'sort_list_by' => 'Sort Admin List by',

diff --git a/plugins/staticpages/language/japanese_utf-8.php b/plugins/staticpages/language/japanese_utf-8.php
@@ -162,6 +162,7 @@
 
 $LANG_confignames['staticpages'] = array(
     'allow_php' => 'PHPを許可する',
+    'enable_eval_php_save' => 'Parse PHP on Save of Page',
     'sort_by' => 'センターブロックの並べ替え',
     'sort_menu_by' => 'メニューの並べ替え',
     'sort_list_by' => '管理者ページの並べ替え',

diff --git a/plugins/staticpages/services.inc.php b/plugins/staticpages/services.inc.php
@@ -375,8 +375,8 @@ function service_submit_staticpages($args, &$output, &$svc_msg)
         }
     }
 
-    // Check PHP Parsing
-    if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP') && $sp_php != 0) {
+    // Check PHP Parsing if enabled and correct PHP version
+    if ($_SP_CONF['enable_eval_php_save'] && $_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP') && $sp_php != 0) {
         if (version_compare(PHP_VERSION, '7.0.0', '>=')) {
             // Use $sp_content instead of $page_data since the switch has not been made yet.
             $retarray = COM_handleEval($sp_content, $sp_php);

diff --git a/public_html/docs/english/staticpages.html b/public_html/docs/english/staticpages.html
@@ -162,9 +162,19 @@ <h3><a name="main">Static Pages Main Settings</a></h3>
 </tr>
 <tr>
   <td><a name="desc_allow_php">allow_php</a></td>
-  <td>true</td>
+  <td>false</td>
   <td>Allows you to globally allow or disallow the <a href="#php">use of PHP</a>
-    in static pages, i.e. it overrides the setting on individual pages.</td>
+    in static pages, i.e. on false this overrides the setting on individual pages.</td>
+</tr>
+<td><a name="desc_enable_eval_php_save">enable_eval_php_save</a></td>
+<td>false</td>
+<td>Allows you to globally allow or disallow the parsing of PHP for errors
+  when a page is saved. This only works if your website is using PHP v7 or higher.<br><br>
+  In most cases if you have <a href="#desc_allow_php">allow_php</a> enabled, you
+  will want this option enabled. <b>In some cases though depending on the PHP code
+  on the page, it may cause problems.</b> For example, if the PHP on a page, redirects
+  the page, you will want this disabled. During the parsing, the save process will
+  stop before it is complete because of the redirect.</td>
 </tr>
 <tr>
   <td><a name="desc_sort_by">sort_by</a></td>

diff --git a/public_html/docs/japanese/staticpages.html b/public_html/docs/japanese/staticpages.html
@@ -159,6 +159,16 @@ <h3><a name="main">静的ページの主な設定</a></h3>
   <td><code>はい</code></td>
   <td>静的ページにおいて、<a href="#php">PHPを許可する</a>。つまり、この設定で、個々のページの設定を上書きします</td>
 </tr>
+<td><a name="desc_enable_eval_php_save">enable_eval_php_save</a></td>
+<td>false</td>
+<td>Allows you to globally allow or disallow the parsing of PHP for errors
+  when a page is saved. This only works if your website is using PHP v7 or higher.<br><br>
+  In most cases if you have <a href="#desc_allow_php">allow_php</a> enabled, you
+  will want this option enabled. <b>In some cases though depending on the PHP code
+  on the page, it may cause problems.</b> For example, if the PHP on a page, redirects
+  the page, you will want this disabled. During the parsing, the save process will
+  stop before it is complete because of the redirect.</td>
+</tr>
 <tr>
   <td><a name="desc_sort_by">センターブロックの並べ替え(sort_by)</a></td>
   <td><span class="tt">ページID</span></td>