[wp-trac] Re: [WordPress Trac] #4275: PHP Exec Widgets repeat in WP 2.2 widget implementation
WordPress Trac
wp-trac at lists.automattic.com
Thu May 17 16:41:50 GMT 2007
#4275: PHP Exec Widgets repeat in WP 2.2 widget implementation
---------------------------------+------------------------------------------
 Reporter:  technosailor         |        Owner:  anonymous
     Type:  defect               |       Status:  closed
 Priority:  high                 |    Milestone:  2.2.1
Component:  Administration       |      Version:  2.2
 Severity:  normal               |   Resolution:  fixed
 Keywords:  widgets needs-patch  |
---------------------------------+------------------------------------------
Comment (by Otto42):

Your call on whether you want it integrated or not, but let me offer my
opinion:

1. I made it as a plugin to solve my migration problems. It made it
extremely easy to migrate my existing sidebar. However, in the long run, I
stopped using it as widgets became available to do exactly what I wanted.
Now, if I had not made the ExecPHP widget first, somebody else would have.
However, on the whole, I think it's bad as it is very simple to use and
possibly causes some plugin authors to not bother writing a widget for
their sidebar plugins.

2. It's potentially a security risk for multi-user blogs. Maybe. Some
roles/capabilities need to be examined to be sure. I didn't bother adding
any extra security layers to it, and don't know if they are needed.

3. Instead of making a separate widget for it, I suggest adding a checkbox
to the Text widget config screen that will turn on/off the execution of
PHP code found in the text box. No need for two widgets where one will do.

--
Ticket URL: <http://trac.wordpress.org/ticket/4275#comment:15>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software