New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[4.0] Provide us an easy way to use PHP code in modules or articles? #25783
Comments
Because it opens your web site to any number of security vulnerabilities
There are several extensions available at https://extensions.joomla.org that will let you do this |
Set to "closed" on behalf of @alikon by The JTracker Application at issues.joomla.org/joomla-cms/25783 |
Sounds very stupid… as the same applies for
And you guess what? We can embed php code in them… So these open our web sites with any number of security vulnerabilities…
I did not ask for extensions, but at least for some documentation… Seems I will waste my time to figure out how it works. |
Only Super-Administrators can install extensions or edit template files. If you can't trust those users, then all is lost anyway. For all other users, there is no way to embed PHP code for security reasons. If you allow them to run PHP code, then you can as well give them full access to your server. So if you really need that feature, you need to find some extension which allows that and you seriously need to make sure only users which you trust blindly are allowed to use it. |
Did you know that Joomla provide ACL? (sure you know…) We could use ACL to enable selected user, ONLY, to embed PHP code… like by default Super-Administrators etc… |
You don't understand. |
You waste my time… Read again and again my posts, until you are able to understand what I mean. Everything you wrote is stupid as:
Now as you are too much psychorigid for me, I will not waste my time anymore with you on this topic. I have done with it, and I am near to find my solution. |
I am sure you will share such a solution by proposing a PR. |
@vintzl could you please claim down and be a bit more friendly. Everyone here tries to make Joomla better. Adding the possibility to execute PHP code will lead to security problems for in experienced users. As power user you are able to simply install an extension that can do this. If you really want it simple you can even do this with a template override and set the filter to raw on mod_custom. Then you have done it with core. But giving this to an end user would only lead to security problems. And no filtering php code is not trivial. |
OK, I am sorry if anyone was offended. |
Why we cannot use PHP code in modules or articles?
Why not simply allowing PHP code in articles/modules, by providing an option in Joomla?
Or provide us the way to do this without using extensions, by the mean of documentation, because I find nowhere where to start…
The text was updated successfully, but these errors were encountered: