summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAngie Byron2009-05-07 15:29:08 (GMT)
committerAngie Byron2009-05-07 15:29:08 (GMT)
commit0f08d97b2151b8baab95f92d46808d250191b2f1 (patch)
tree19c5465da97f13a42dae43f59cec8982999465bb
parent8550540b511967961c095fc085c8cc8062c424f3 (diff)
#124158 by nedjo, jcnventura: Pull all PHP handling into PHP module.
-rw-r--r--includes/common.inc44
-rw-r--r--modules/block/block.admin.inc4
-rw-r--r--modules/block/block.module9
-rw-r--r--modules/php/php.module58
-rw-r--r--modules/system/system.install9
5 files changed, 72 insertions, 52 deletions
diff --git a/includes/common.inc b/includes/common.inc
index d79b78c..c2c7d54 100644
--- a/includes/common.inc
+++ b/includes/common.inc
@@ -1909,50 +1909,6 @@ function drupal_map_assoc($array, $function = NULL) {
}
/**
- * Evaluate a string of PHP code.
- *
- * This is a wrapper around PHP's eval(). It uses output buffering to capture both
- * returned and printed text. Unlike eval(), we require code to be surrounded by
- * <?php ?> tags; in other words, we evaluate the code as if it were a stand-alone
- * PHP file.
- *
- * Using this wrapper also ensures that the PHP code which is evaluated can not
- * overwrite any variables in the calling code, unlike a regular eval() call.
- *
- * @param $code
- * The code to evaluate.
- * @return
- * A string containing the printed output of the code, followed by the returned
- * output of the code.
- */
-function drupal_eval($code) {
- global $theme_path, $theme_info, $conf;
-
- // Store current theme path.
- $old_theme_path = $theme_path;
-
- // Restore theme_path to the theme, as long as drupal_eval() executes,
- // so code evaluated will not see the caller module as the current theme.
- // If theme info is not initialized get the path from theme_default.
- if (!isset($theme_info)) {
- $theme_path = drupal_get_path('theme', $conf['theme_default']);
- }
- else {
- $theme_path = dirname($theme_info->filename);
- }
-
- ob_start();
- print eval('?>' . $code);
- $output = ob_get_contents();
- ob_end_clean();
-
- // Recover original theme path.
- $theme_path = $old_theme_path;
-
- return $output;
-}
-
-/**
* Returns the path to a system item (module, theme, etc.).
*
* @param $type
diff --git a/modules/block/block.admin.inc b/modules/block/block.admin.inc
index 5fcfbdb..c99973f 100644
--- a/modules/block/block.admin.inc
+++ b/modules/block/block.admin.inc
@@ -190,7 +190,7 @@ function block_admin_configure(&$form_state, $module = NULL, $delta = 0) {
'#collapsed' => TRUE,
);
- $access = user_access('use PHP for block visibility');
+ $access = user_access('use PHP for settings');
if ($edit['visibility'] == 2 && !$access) {
$form['page_vis_settings'] = array();
$form['page_vis_settings']['visibility'] = array('#type' => 'value', '#value' => 2);
@@ -200,7 +200,7 @@ function block_admin_configure(&$form_state, $module = NULL, $delta = 0) {
$options = array(t('Show on every page except the listed pages.'), t('Show on only the listed pages.'));
$description = t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are %blog for the blog page and %blog-wildcard for every personal blog. %front is the front page.", array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '<front>'));
- if ($access) {
+ if (module_exists('php') && $access) {
$options[] = t('Show if the following PHP code returns <code>TRUE</code> (PHP-mode, experts only).');
$description .= ' ' . t('If the PHP-mode is chosen, enter PHP code between %php. Note that executing incorrect PHP-code can break your Drupal site.', array('%php' => '<?php ?>'));
}
diff --git a/modules/block/block.module b/modules/block/block.module
index ae79d14..9a46ba7 100644
--- a/modules/block/block.module
+++ b/modules/block/block.module
@@ -113,10 +113,6 @@ function block_perm() {
'title' => t('Administer blocks'),
'description' => t('Select which blocks are displayed, and arrange them on the page.'),
),
- 'use PHP for block visibility' => array(
- 'title' => t('Use PHP for block visibility'),
- 'description' => t('Enter PHP code in the field for block visibility settings. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
- ),
);
}
@@ -608,8 +604,11 @@ function _block_load_blocks() {
// is displayed only on those pages listed in $block->pages.
$page_match = !($block->visibility xor $page_match);
}
+ elseif (module_exists('php')) {
+ $page_match = php_eval($block->pages);
+ }
else {
- $page_match = drupal_eval($block->pages);
+ $page_match = FALSE;
}
}
else {
diff --git a/modules/php/php.module b/modules/php/php.module
index de7371b..cd1ea53 100644
--- a/modules/php/php.module
+++ b/modules/php/php.module
@@ -22,6 +22,62 @@ function php_help($path, $arg) {
}
/**
+ * Implementation of hook_perm().
+ */
+function php_perm() {
+ return array(
+ 'use PHP for settings' => array(
+ 'title' => t('Use PHP for settings'),
+ 'description' => t('Enter PHP in settings fields where PHP is allowed. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))),
+ ),
+ );
+}
+
+/**
+ * Evaluate a string of PHP code.
+ *
+ * This is a wrapper around PHP's eval(). It uses output buffering to capture both
+ * returned and printed text. Unlike eval(), we require code to be surrounded by
+ * <?php ?> tags; in other words, we evaluate the code as if it were a stand-alone
+ * PHP file.
+ *
+ * Using this wrapper also ensures that the PHP code which is evaluated can not
+ * overwrite any variables in the calling code, unlike a regular eval() call.
+ *
+ * @param $code
+ * The code to evaluate.
+ * @return
+ * A string containing the printed output of the code, followed by the returned
+ * output of the code.
+ */
+function php_eval($code) {
+ global $theme_path, $theme_info, $conf;
+
+ // Store current theme path.
+ $old_theme_path = $theme_path;
+
+ // Restore theme_path to the theme, as long as php_eval() executes,
+ // so code evaluated will not see the caller module as the current theme.
+ // If theme info is not initialized get the path from theme_default.
+ if (!isset($theme_info)) {
+ $theme_path = drupal_get_path('theme', $conf['theme_default']);
+ }
+ else {
+ $theme_path = dirname($theme_info->filename);
+ }
+
+ ob_start();
+ print eval('?>' . $code);
+ $output = ob_get_contents();
+ ob_end_clean();
+
+ // Recover original theme path.
+ $theme_path = $old_theme_path;
+
+ return $output;
+}
+
+/**
* Implementation of hook_filter_tips().
*/
function php_filter_tips($delta, $format, $long = FALSE) {
@@ -79,7 +135,7 @@ function php_filter($op, $delta = 0, $format = -1, $text = '') {
case 'description':
return t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!');
case 'process':
- return drupal_eval($text);
+ return php_eval($text);
default:
return $text;
}
diff --git a/modules/system/system.install b/modules/system/system.install
index 8dc92d4..ff05bec 100644
--- a/modules/system/system.install
+++ b/modules/system/system.install
@@ -3430,6 +3430,15 @@ function system_update_7022() {
}
/**
+ * Change the PHP for settings permission.
+ */
+function system_update_7023() {
+ $ret = array();
+ $ret[] = update_sql("UPDATE {role_permission} SET permission = 'use PHP for settings' WHERE permission = 'use PHP for block visibility'");
+ return $ret;
+}
+
+/**
* @} End of "defgroup updates-6.x-to-7.x"
* The next series of updates should start at 8000.
*/