From f3bef1b40ecef0b4ae3c0588aa9c1cadc2830f0f Mon Sep 17 00:00:00 2001 From: eSilverStrike Date: Tue, 17 Mar 2020 16:17:28 -0400 Subject: [PATCH] Added a Config Option to disable the PHP parse check on save of page For #1038. Added staticpage config option 'enable_eval_php_save' --- plugins/staticpages/functions.inc | 2 ++ plugins/staticpages/install_defaults.php | 7 ++++++- plugins/staticpages/install_updates.php | 14 ++++++++++++++ plugins/staticpages/language/english.php | 1 + plugins/staticpages/language/english_utf-8.php | 1 + plugins/staticpages/language/japanese_utf-8.php | 1 + plugins/staticpages/services.inc.php | 4 ++-- public_html/docs/english/staticpages.html | 14 ++++++++++++-- public_html/docs/japanese/staticpages.html | 10 ++++++++++ 9 files changed, 49 insertions(+), 5 deletions(-) diff --git a/plugins/staticpages/functions.inc b/plugins/staticpages/functions.inc index 59c5e2a19..167873e84 100755 --- a/plugins/staticpages/functions.inc +++ b/plugins/staticpages/functions.inc @@ -1744,6 +1744,8 @@ function plugin_upgrade_staticpages() break; case '1.7.1': + staticpages_update_ConfValues_1_7_2(); + $current_version = '1.7.2'; break; diff --git a/plugins/staticpages/install_defaults.php b/plugins/staticpages/install_defaults.php index 2cf6ee3b1..2b17ac2b8 100644 --- a/plugins/staticpages/install_defaults.php +++ b/plugins/staticpages/install_defaults.php @@ -55,7 +55,7 @@ // If you don't plan on using PHP code in static pages, you should set this // to 0, thus disabling the execution of PHP. -$_SP_DEFAULT['allow_php'] = 1; +$_SP_DEFAULT['allow_php'] = 0; // If you have more than one static page that is to be displayed in Geeklog's // center area, you can specify how to sort them: @@ -81,6 +81,9 @@ */ $_SP_DEFAULT['aftersave'] = 'list'; +// When PHP included in page on save it will be parsed for errors (= 1) (if PHP 7+) +$_SP_DEFAULT['enable_eval_php_save'] = 0; + // Static pages can optionally be wrapped in a block. This setting defines // the default for that option (1 = wrap in a block, 0 = don't). $_SP_DEFAULT['in_block'] = 1; @@ -178,6 +181,8 @@ function plugin_initconfig_staticpages() $c->add('fs_main', NULL, 'fieldset', 0, 0, NULL, 0, true, 'staticpages', 0); $c->add('allow_php', $_SP_DEFAULT['allow_php'], 'select', 0, 0, 0, 10, true, 'staticpages', 0); + $c->add('enable_eval_php_save', $_SP_DEFAULT['enable_eval_php_save'], 'select', + 0, 0, 0, 15, true, 'staticpages', 0); $c->add('sort_by', $_SP_DEFAULT['sort_by'], 'select', 0, 0, 2, 20, true, 'staticpages', 0); $c->add('sort_menu_by', $_SP_DEFAULT['sort_menu_by'], 'select', diff --git a/plugins/staticpages/install_updates.php b/plugins/staticpages/install_updates.php index 8d3e5a7db..2717d1b00 100644 --- a/plugins/staticpages/install_updates.php +++ b/plugins/staticpages/install_updates.php @@ -177,3 +177,17 @@ function staticpages_addStructuredDataSecurityRight_1_7_1() DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$featureId}, {$staticPageAdminId}) "); } } + +function staticpages_update_ConfValues_1_7_2() +{ + global $_CONF, $_TABLES, $_SP_DEFAULT; + + $c = config::get_instance(); + + require_once $_CONF['path'] . 'plugins/staticpages/install_defaults.php'; + + // Parse any PHP for errors included in page, on save of page + $c->add('enable_eval_php_save', $_SP_DEFAULT['enable_eval_php_save'], 'select', 0, 0, 0, 15, true, 'staticpages', 0); + + return true; +} diff --git a/plugins/staticpages/language/english.php b/plugins/staticpages/language/english.php index 4b2913bc3..69401fe99 100644 --- a/plugins/staticpages/language/english.php +++ b/plugins/staticpages/language/english.php @@ -157,6 +157,7 @@ $LANG_confignames['staticpages'] = array( 'allow_php' => 'Allow PHP?', + 'enable_eval_php_save' => 'Parse PHP on Save of Page', 'sort_by' => 'Sort Centerblocks by', 'sort_menu_by' => 'Sort Menu Entries by', 'sort_list_by' => 'Sort Admin List by', diff --git a/plugins/staticpages/language/english_utf-8.php b/plugins/staticpages/language/english_utf-8.php index 3cc1ca829..eb8b21e77 100644 --- a/plugins/staticpages/language/english_utf-8.php +++ b/plugins/staticpages/language/english_utf-8.php @@ -157,6 +157,7 @@ $LANG_confignames['staticpages'] = array( 'allow_php' => 'Allow PHP?', + 'enable_eval_php_save' => 'Parse PHP on Save of Page', 'sort_by' => 'Sort Centerblocks by', 'sort_menu_by' => 'Sort Menu Entries by', 'sort_list_by' => 'Sort Admin List by', diff --git a/plugins/staticpages/language/japanese_utf-8.php b/plugins/staticpages/language/japanese_utf-8.php index 4846eec3b..06c89de73 100644 --- a/plugins/staticpages/language/japanese_utf-8.php +++ b/plugins/staticpages/language/japanese_utf-8.php @@ -162,6 +162,7 @@ $LANG_confignames['staticpages'] = array( 'allow_php' => 'PHPを許可する', + 'enable_eval_php_save' => 'Parse PHP on Save of Page', 'sort_by' => 'センターブロックの並べ替え', 'sort_menu_by' => 'メニューの並べ替え', 'sort_list_by' => '管理者ページの並べ替え', diff --git a/plugins/staticpages/services.inc.php b/plugins/staticpages/services.inc.php index 54b75013b..2d0af7422 100644 --- a/plugins/staticpages/services.inc.php +++ b/plugins/staticpages/services.inc.php @@ -375,8 +375,8 @@ function service_submit_staticpages($args, &$output, &$svc_msg) } } - // Check PHP Parsing - if ($_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP') && $sp_php != 0) { + // Check PHP Parsing if enabled and correct PHP version + if ($_SP_CONF['enable_eval_php_save'] && $_SP_CONF['allow_php'] == 1 && SEC_hasRights('staticpages.PHP') && $sp_php != 0) { if (version_compare(PHP_VERSION, '7.0.0', '>=')) { // Use $sp_content instead of $page_data since the switch has not been made yet. $retarray = COM_handleEval($sp_content, $sp_php); diff --git a/public_html/docs/english/staticpages.html b/public_html/docs/english/staticpages.html index 61e85ffb7..90c62064e 100644 --- a/public_html/docs/english/staticpages.html +++ b/public_html/docs/english/staticpages.html @@ -162,9 +162,19 @@

Static Pages Main Settings

allow_php - true + false Allows you to globally allow or disallow the use of PHP - in static pages, i.e. it overrides the setting on individual pages. + in static pages, i.e. on false this overrides the setting on individual pages. + +enable_eval_php_save +false +Allows you to globally allow or disallow the parsing of PHP for errors + when a page is saved. This only works if your website is using PHP v7 or higher.

+ In most cases if you have allow_php enabled, you + will want this option enabled. In some cases though depending on the PHP code + on the page, it may cause problems. For example, if the PHP on a page, redirects + the page, you will want this disabled. During the parsing, the save process will + stop before it is complete because of the redirect. sort_by diff --git a/public_html/docs/japanese/staticpages.html b/public_html/docs/japanese/staticpages.html index 73c4bc609..d5f852b87 100644 --- a/public_html/docs/japanese/staticpages.html +++ b/public_html/docs/japanese/staticpages.html @@ -159,6 +159,16 @@

静的ページの主な設定

はい 静的ページにおいて、PHPを許可する。つまり、この設定で、個々のページの設定を上書きします +enable_eval_php_save +false +Allows you to globally allow or disallow the parsing of PHP for errors + when a page is saved. This only works if your website is using PHP v7 or higher.

+ In most cases if you have allow_php enabled, you + will want this option enabled. In some cases though depending on the PHP code + on the page, it may cause problems. For example, if the PHP on a page, redirects + the page, you will want this disabled. During the parsing, the save process will + stop before it is complete because of the redirect. + センターブロックの並べ替え(sort_by) ページID