I think it’s generally considered a security risk to permit user-specified fields in the WP admin interface to execute arbitrary PHP, unless of course this is extremely clear and intentional.
Instead, try examining the plugin files and seeing if you can tweak them, or possibly extend them logically and programmatically!
If you make an enhancement, post it back here as a “patch” to improve the application.
In includes/wp-greet-box.class.php, around line 149, wrap a do_shortcode around the text being returned. This will allow a shortcode to be processed.
You can alter the code at the same place to basically do what you want (process PHP, texturize, etc.)
function get_message_html($message, $close) {
$html = '';
if ( strlen ( $message['icon'] ) > 0 ) {
// do not show icon if there is no icon url
$html .= $this->o['before_icon'].$this->get_icon_html($message['icon'], $message['icon_link']).$this->o['after_icon'];
}
if($close && $this->o['can_close']) {
$html .= '<div class="greet_block_close"><a id="greet_block_close" href="#">X</a></div>';
}
//DS: Wrapped text in do_shortcode to include posts as greet blocks
$html .= do_shortcode($message['text']);
return $html;
}
I’m using it in http://www.talmud-wiki.org to put posts in a greet box via the WordPress-custom-post-widget plugin…. Basically, my greet box consists of:
[content_block="702"]
and post #702 (a custom type from that plugin) shows up in the Greet Box.
Thaya – Please include this in the next version, perhaps with a checkbox for each greetbox saying “Process content of GreetBox” to turn the feature on/off per box.
Thanks,
David Szego
