WordPress.org


Forums

Allow user to add custom code without editing template (3 posts)

  1. ZebaSz
    Member
    Posted 2 years ago #

    I've been working on a fork to Chris Pirillo's old, extremely outdated WicketPixie, bringing it up to standard and adding new stuff while keeping all old functionality.
    One of my favourite functions is a custom code inserter. In specific parts of the templates, a function is called which includes a custom PHP file added by the user through an admin page. To this purpose, the admin page creates and writes the file. After running Theme-Check, I found some warnings about file operations, so I was looking for an alternative. I noticed eval is not allowed, so apparently storing the code in the database is not an option.
    Do you know of any accepted workaround to this? I understand file operations can be quite a safety hazard, but this feature is a must-have.
    The theme's code is available in a GitHub repo.

  2. Marventus
    Member
    Posted 2 years ago #

    Hi.
    Will the custom PHP code be added by the user? If so, where exactly, and what exactly is it you are trying to accomplish?
    Off the top of my head, storing the PHP code in the DB or inside a custom field seems like a bad idea, since neither is designed for that AFAIK. What you could do is install Exec-PHP with a role manager plugin to control who has PHP editing capabilities, but not sure if that's what you had in mind.

  3. ZebaSz
    Member
    Posted 2 years ago #

    Hi. Thanks for your reply :)
    Yes, the custom PHP/HTML code would be added by the user for whatever purpose they might have. For example, I added custom code functionality to the 404 template. So, if the user does not like the stock 404 message, he can type one of his own. Or even add the Apache Google 404 function call. There are also custom code calls in <head> (I use it for some custom CSS rules), after each post, before </body> and a few other places.
    I'll take a look into Exec-PHP. Thanks again!

    EDIT: As it turns out, Exec-PHP also uses eval, so that's not a viable solution.
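
For the markup-only cases mentioned in the thread (a custom 404 message, CSS rules in <head>, markup before </body>), the snippets can be kept as sanitized option data and echoed from hooks, which needs neither eval nor file writes. This is an added example, not code from the thread or from the theme's repository; the option name `mytheme_custom_code`, the location keys and all `mytheme_*` functions are hypothetical.

```php
<?php
// Added example; mytheme_* names are hypothetical. Snippets are data, echoed but never run as PHP.

function mytheme_code_locations() {
    return array( 'head_css', 'after_post', 'footer', 'not_found' );
}

// Settings API: the sanitize callback runs each time the option is saved.
add_action( 'admin_init', 'mytheme_register_custom_code' );
function mytheme_register_custom_code() {
    register_setting( 'mytheme_options', 'mytheme_custom_code', array(
        'sanitize_callback' => 'mytheme_sanitize_custom_code',
    ) );
}

function mytheme_sanitize_custom_code( $input ) {
    $clean = array();
    foreach ( mytheme_code_locations() as $loc ) {
        $raw = isset( $input[ $loc ] ) ? (string) $input[ $loc ] : '';
        if ( 'head_css' === $loc ) {
            // CSS only: stripping tags stops "</style><script>" from breaking out.
            $clean[ $loc ] = wp_strip_all_tags( $raw );
        } elseif ( current_user_can( 'unfiltered_html' ) ) {
            $clean[ $loc ] = $raw; // same trust rule core applies to post content
        } else {
            $clean[ $loc ] = wp_kses_post( $raw );
        }
    }
    return $clean;
}

// Templates call this where the include used to be, e.g. echo mytheme_custom_code( 'not_found' );
function mytheme_custom_code( $loc ) {
    $code = get_option( 'mytheme_custom_code', array() );
    return ( is_array( $code ) && isset( $code[ $loc ] ) ) ? $code[ $loc ] : '';
}

add_action( 'wp_head', 'mytheme_print_head_css' );
function mytheme_print_head_css() {
    $css = mytheme_custom_code( 'head_css' );
    if ( '' !== $css ) {
        echo "<style>\n" . $css . "\n</style>\n";
    }
}

add_action( 'wp_footer', 'mytheme_print_footer' );
function mytheme_print_footer() {
    echo mytheme_custom_code( 'footer' );
}
```

Any PHP typed into these fields is stored and printed as text, so this does not replace the executable-PHP use case raised in the thread.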

Topic Closed

This topic has been closed to new replies.
