[theme-reviewers] Alternative to eval()

Otto otto at ottodestruct.com
Thu Apr 28 17:56:48 UTC 2011


I'd seriously recommend against allowing users to input PHP code into
a theme's form field for execution... allowing them to paste in custom
HTML should be more than enough.

But... if I were going to do something like this, I'd use
create_function instead of eval.

// '?>' drops out of PHP mode so $php_code is parsed as a template; the trailing
// '<?php ' re-enters it so the closing brace create_function wraps around the code still parses.
add_action( $action_hook, create_function( '', '?>' . $php_code . '<?php ' ) );

That said, I would be highly reluctant to do or allow this sort of
thing in a theme. There's entirely too much potential for users to put
in bad PHP code, break their site, then not understand why. The PHP
Code Widget I created years ago when widgets were new is probably my
most popular plugin, and I still get emails with people telling me
it's broken when it's really just their own bad copy-pasted code.

This sort of thing is better off put into a plugin, so that it can be
disabled at will.

-Otto
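Otto's alternative above is to let users paste custom HTML rather than PHP. The sketch below, an added example that is not Otto's or rtCamp's code, shows what that looks like for the "hooks editor" idea: per-hook markup is stored as an option, run through wp_kses_post() on save and on output, and echoed where the theme fires the hook, so nothing a user types is ever compiled. The option name and the hook names are made up for illustration.

```php
<?php
// Added example (not from the original thread). Assumes WordPress is loaded.
// Option name and hook names below are hypothetical.
define( 'EXAMPLE_HOOK_OPTION', 'example_theme_hook_html' );

// The theme's own action hooks that the admin UI exposes (allow-list).
function example_theme_editable_hooks() {
    return array( 'example_before_header', 'example_after_post', 'example_footer' );
}

// Save handler: the hook name must be on the allow-list and the markup is
// sanitized, never evaluated. wp_kses_post() drops <script>, <?php ...?> and
// any tag outside the post allow-list, so a site admin on multisite (who has
// no unfiltered_html) and a super admin get the same filtered result.
function example_theme_save_hook_html( $hook, $html ) {
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        return false;
    }
    if ( ! in_array( $hook, example_theme_editable_hooks(), true ) ) {
        return false;
    }
    $stored          = get_option( EXAMPLE_HOOK_OPTION, array() );
    $stored[ $hook ] = wp_kses_post( $html );
    return update_option( EXAMPLE_HOOK_OPTION, $stored );
}

// Output side: attach one echo callback per hook at load time. Because the
// stored value is plain markup, a broken paste cannot take the site down;
// at worst the page renders odd HTML.
function example_theme_register_hook_output() {
    $stored = get_option( EXAMPLE_HOOK_OPTION, array() );
    foreach ( example_theme_editable_hooks() as $hook ) {
        if ( empty( $stored[ $hook ] ) ) {
            continue;
        }
        add_action( $hook, function () use ( $stored, $hook ) {
            // Filter again on output so a tampered option row cannot inject markup.
            echo wp_kses_post( $stored[ $hook ] );
        } );
    }
}
add_action( 'init', 'example_theme_register_hook_output' );
```

Disabling the feature is then a matter of deleting one option, which is the "can be disabled at will" property Otto wants from a plugin.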



On Thu, Apr 28, 2011 at 6:58 AM, Rahul Bansal <rahul.bansal at rtcamp.com> wrote:
> Hi All,
> In the next theme we are preparing for open-source release, we want to provide
> a "hooks-editor" interface.
> Like many pro themes, we have added a lot of custom action & filter hooks in
> our theme code base.
> In the admin area, we plan to provide a list of hooks, each coupled with a
> textarea, which can be used to post PHP/HTML code in them (like
> action handlers).
> Now, to "execute" action handlers in textarea, we need to use eval()
> function in PHP which is prohibited here.
> So what are my alternatives here?
> Just a note - we do not want to provide custom.css and/or
> custom-functions.php files (like Thesis provides) as they are hard to
> maintain in a multisite environment.
> Also, child-theme support is not yet present on the repo, so creating child themes
> with style.css & functions.php (to declare action handlers) is not feasible
> either at this stage.
> Please suggest something.
> Thanks,
> -Rahul
> --
> Rahul Bansal | Founder & CEO | rtCamp Solutions Pvt. Ltd.
> Skype: rahul286 | Twitter: @rahul286 | Web: http://rtcamp.com/
>
>
> _______________________________________________
> theme-reviewers mailing list
> theme-reviewers at lists.wordpress.org
> http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>
>