[theme-reviewers] Alternative to eval()
Edward Caissie
edward.caissie at gmail.com
Thu Apr 28 18:18:30 UTC 2011
This definitely sounds like plugin territory; there is no reason the Theme
author could not write into their documentation a recommended plugin to
enhance the Theme's functionality (provided the plugin is not "required" for
the Theme to work correctly).
Cais.
On Thu, Apr 28, 2011 at 1:56 PM, Otto <otto at ottodestruct.com> wrote:
> I'd seriously recommend against allowing users to input PHP code into
> a theme's form field for execution... allowing them to paste in custom
> HTML should be more than enough.
>
> But... if I was going to do something like this, I'd use
> create_function instead of eval.
>
> add_action( $action_hook, create_function( '' , '?>'. $php_code ) );
>
> That said, I would be highly reluctant to do or allow this sort of
> thing in a theme. There's entirely too much potential for users to put
> in bad PHP code, break their site, then not understand why. The PHP
> Code Widget I created years ago when widgets were new is probably my
> most popular plugin, and I still get emails with people telling me
> it's broken when it's really just their own bad copy-pasted code.
>
> This sort of thing is better off put into a plugin, so that it can be
> disabled at will.
>
> -Otto
>
>
>
> On Thu, Apr 28, 2011 at 6:58 AM, Rahul Bansal <rahul.bansal at rtcamp.com>
> wrote:
> > Hi All,
> > In next theme, we are preparing for open-source release, we want to
> provide
> > a "hooks-editor" interface.
> > Like many pro themes, we have added a lot of custom action & filter hooks
> in
> > our theme code base.
> > In admin area, we plan to provide list of hooks, each coupled with a
> > textarea, which can be used to post php-html codes in them (like
> > action-handlers)
> > Now, to "execute" action handlers in textarea, we need to use eval()
> > function in PHP which is prohibited here.
> > So what are my alternatives here?
> > Just a note - we do not want to provide custom.css and/or
> > custom-functions.php files (like thesis provides) as they are hard to
> > maintain in multisite environment.
> > Also child-theme support is not yet present on repo so creating child
> themes
> > with style.css & function.php (to declare action handlers) is not
> feasible
> > either at this stage.
> > Please suggest something.
> > Thanks,
> > -Rahul
> > --
> > Rahul Bansal | Founder & CEO | rtCamp Solutions Pvt. Ltd.
> > Skype: rahul286 | Twitter: @rahul286 | Web: http://rtcamp.com/
> >
> >
> > _______________________________________________
> > theme-reviewers mailing list
> > theme-reviewers at lists.wordpress.org
> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
> >
> >
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.wordpress.org/pipermail/theme-reviewers/attachments/20110428/7d231971/attachment-0001.htm>
More information about the theme-reviewers
mailing list