[theme-reviewers] Alternative to eval()

Rahul Bansal rahul.bansal at rtcamp.com
Fri Apr 29 14:00:36 UTC 2011


Hello All,

First thanks for all answers/suggestions and questions/concerns.
Let me answer them all one-by-one. :-)


*@Philip Walton:*

> Out of curiosity, why are you wanting them to be able to execute PHP? I
> would think that someone savvy enough to hand code PHP into a textarea would
> be savvy enough to add it to the functions.php.


I agree.
In fact that's why on rtpanel.com our extensive documentation will contain
articles on how to create child themes with style.css & function.php.

We still need a way to do some frequent tasks, as outlined in the following
example:

   1. we have a hook in the theme to control what gets displayed beside the logo
   in the header
   2. we assume people will display ads or some banners which will change
   from time to time, so having a textarea in the backend will save time for such
   frequent edits
   3. I understand this can be done via a plugin, but I am just trying to keep
   plugin dependency to the lowest

This may not be a good reason, but I am more concerned with giving options,
which has its downside as well (like a broken theme due to improper PHP code).

> Or perhaps, if you're worried about upgrades overwriting such modifications,
> you could make your own custom-functions.php file that isn't controlled by
> svn. (Actually, that still may get deleted in an upgrade, someone else would
> have to confirm.)

"Upgrades" was one of the biggest concerns.
Regarding "custom-functions.php" - any good way to handle it in a multisite
environment? Apart from one parent, multiple child-themes.

The idea was that in a multisite environment, using eval(), "different" action
handlers will be executed for one common theme on different sites.
Not sure if this is an acceptable use-case, but this was functionality we wanted
across our own blog-network and hence the efforts were taken in this
direction.

==

*@Justin Tadlock*

> Why not just make a plugin for this to extend the theme?

We are already done with developing a plugin. But I felt my use case
(mentioned above) is a legitimate one.
So I wanted to have a conversation here to get different opinions
from community members here.
I don't expect eval() to be allowed but wanted to see what the alternatives are
if some critical need arises.
Please note that I do not consider my use case a "critical" case. ;-)

==

*@Otto*

> *add_action( $action_hook, create_function( '' , '?>'. $php_code ) );*

Seems WOW. I will definitely play with this. :-)

> There's entirely too much potential for users to put
> in bad PHP code, break their site, then not understand why.

Yep. Also, as code in the textarea would go inside the database, downloading a
fresh copy of the theme would not have helped.
Keeping that in mind, we chose the plugin way rather than giving users a way to
"reset" hooks.

==

*@Edward Caissie*

> This definitely sounds like plugin territory; there is no reason the Theme
> author could not write into their documentation a recommended plugin to
> enhance the Theme's functionality (provided the plugin is not "required" for
> the Theme to work correctly).
>
We have already created the theme & plugin.
Soon the plugin will go live on extend so that we will have its slug.
Next, we will give a one-click option to theme users if they want to install
a plugin to edit hooks inside the theme. This option will have a link to an
alternative documentation page where a recommendation and tutorial on how to
create child themes will be given.


==

So far, I believe, exploring an eval()-like alternative is not a good idea.
Though I will try create_function as suggested by Otto and see how it
works.

Thanks all for your time... :-)

-Rahul
--
Rahul Bansal | Founder & CEO | rtCamp Solutions Pvt. Ltd.
Skype: rahul286 | Twitter: @rahul286 | Web: http://rtcamp.com/



On Thu, Apr 28, 2011 at 11:48 PM, Edward Caissie
<edward.caissie at gmail.com> wrote:

> This definitely sounds like plugin territory; there is no reason the Theme
> author could not write into their documentation a recommended plugin to
> enhance the Theme's functionality (provided the plugin is not "required" for
> the Theme to work correctly).
>
>
> Cais.
>
>
> On Thu, Apr 28, 2011 at 1:56 PM, Otto <otto at ottodestruct.com> wrote:
>
>> I'd seriously recommend against allowing users to input PHP code into
>> a theme's form field for execution... allowing them to paste in custom
>> HTML should be more than enough.
>>
>> But... if I was going to do something like this, I'd use
>> create_function instead of eval.
>>
>> add_action( $action_hook, create_function( '' , '?>'. $php_code ) );
>>
>> That said, I would be highly reluctant to do or allow this sort of
>> thing in a theme. There's entirely too much potential for users to put
>> in bad PHP code, break their site, then not understand why. The PHP
>> Code Widget I created years ago when widgets were new is probably my
>> most popular plugin, and I still get emails with people telling me
>> it's broken when it's really just their own bad copy-pasted code.
>>
>> This sort of thing is better off put into a plugin, so that it can be
>> disabled at will.
>>
>> -Otto
>>
>>
>>
>> On Thu, Apr 28, 2011 at 6:58 AM, Rahul Bansal <rahul.bansal at rtcamp.com>
>> wrote:
>> > Hi All,
>> > In next theme, we are preparing for open-source release, we want to provide
>> > a "hooks-editor" interface.
>> > Like many pro themes, we have added a lot of custom action & filter hooks in
>> > our theme code base.
>> > In admin area, we plan to provide list of hooks, each coupled with a
>> > textarea, which can be used to post php-html codes in them (like
>> > action-handlers)
>> > Now, to "execute" action handlers in textarea, we need to use eval()
>> > function in PHP which is prohibited here.
>> > So what are my alternatives here?
>> > Just a note - we do not want to provide custom.css and/or
>> > custom-functions.php files (like thesis provides) as they are hard to
>> > maintain in multisite environment.
>> > Also child-theme support is not yet present on repo so creating child themes
>> > with style.css & function.php (to declare action handlers) is not feasible
>> > either at this stage.
>> > Please suggest something.
>> > Thanks,
>> > -Rahul
>> > --
>> > Rahul Bansal | Founder & CEO | rtCamp Solutions Pvt. Ltd.
>> > Skype: rahul286 | Twitter: @rahul286 | Web: http://rtcamp.com/
>> >
>> >
>> > _______________________________________________
>> > theme-reviewers mailing list
>> > theme-reviewers at lists.wordpress.org
>> > http://lists.wordpress.org/mailman/listinfo/theme-reviewers
>> >
>> >
>>
>
>
>
>
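
Added example, not part of the original thread or of any theme or plugin mentioned in it: Otto's suggestion of accepting only custom HTML, sketched with the WordPress Settings API so the text saved for each hook is filtered and echoed as data rather than executed. The hook names, the option key and the `example_` function names are hypothetical.

```php
<?php
// Added example. create_function() evaluates its body string the same way
// eval() does and was removed in PHP 8.0, so this stores markup only.

// Hypothetical theme hooks that the editor exposes.
function example_editable_hooks() {
    return array( 'example_header_beside_logo', 'example_after_footer' );
}

// Sanitize on save: unknown keys are dropped, and each value is reduced to
// the HTML allowed in post content (no <script>, no PHP tags).
function example_sanitize_hook_html( $input ) {
    $clean = array();
    if ( ! is_array( $input ) ) {
        return $clean;
    }
    foreach ( example_editable_hooks() as $hook ) {
        if ( isset( $input[ $hook ] ) && is_string( $input[ $hook ] ) ) {
            $clean[ $hook ] = wp_kses_post( $input[ $hook ] );
        }
    }
    return $clean;
}

// Register the option so options.php applies the sanitizer on every save.
function example_register_hook_setting() {
    register_setting( 'example_hooks_group', 'example_hook_html', 'example_sanitize_hook_html' );
}
add_action( 'admin_init', 'example_register_hook_setting' );

// Output: attach one handler per hook that echoes the stored markup.
function example_attach_hook_html() {
    $stored = get_option( 'example_hook_html', array() );
    if ( ! is_array( $stored ) ) {
        return;
    }
    foreach ( example_editable_hooks() as $hook ) {
        if ( empty( $stored[ $hook ] ) ) {
            continue;
        }
        $html = $stored[ $hook ];
        add_action( $hook, function () use ( $html ) {
            // Filter again on output in case the option was written by other code.
            echo wp_kses_post( $html );
        } );
    }
}
add_action( 'after_setup_theme', 'example_attach_hook_html' );
```

Because `get_option()` reads the current site's options table, each site in a multisite network keeps its own markup for the one shared theme. A broken entry can only produce bad HTML, not a fatal PHP error.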