Disable PHP coding

  • Resolved sefyr


    Hello, I want to restrict my users from putting PHP code in the post box and comment box.
    I want to see only text even if they write PHP code in it.

    Is it possible?

    I am very new, so please explain it to me in some detail.

    Kind Regards

Viewing 14 replies - 1 through 14 (of 14 total)
  • Moderator Samuel Wood (Otto)

    (@otto42) Admin

    Ummm.. You can’t use PHP code in posts or comments by default. Well, you can, but you’ll just see the code. It won’t actually run or anything.

    Unfortunately PHP code works. I do not want any PHP code running and

    OK, let's test here


    $wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder' );

    For example: on my site the above code executes itself in posts and comments when I submit

    Please help

    I want to disable PHP code

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    If you are able to run PHP code in comments or posts, then you have a plugin specifically allowing you to do that. It does *NOT* work by default.

    Find and disable the plugin that lets you run PHP code in the first place.

    Also, don’t get confused about what “executes” and what just “gets removed”. It may simply not be displaying on the page, but unless you have a plugin to run it, it will not actually execute.


    $title = __('Profile');

    $parent_file = 'profile.php';
    $profileuser = new WP_User($user_ID);

    $bookmarklet_height= 440;

    I just tested the above 2 PHP codes here; it does not work here, but it works on my site. My site is badly affected already.

    Otto is correct – by default WP will NOT execute the php. In fact, I’ve verified it on 3 differing blogs now.
    You must have a plugin or hack affecting this behavior.

    As Otto said, it must be a plugin (I know I have runPHP in my plugins) that’s activated. WordPress does *NOT* allow PHP code to run just by typing it into a comment box or whatever. It’ll show up as plain text, or just show up blank, but it won’t run – not unless you have something that *you* have enabled on your site to allow it to happen.

    OK friends, thanks for your valuable feedback.
    Let me give you more information.
    - I am very new, as I said before
    - I just installed the latest WordPress 2.0.5 and I started some testing, then I realized that
    - Could a PHP plugin come by default in this version?

    I have also checked the installed plugins but I do not see anything related to PHP. There is only Akismet.

    If somehow it is enabled, then how can I disable it? It is really disturbing me because I am planning to get 1000 hits per day. If PHP coding is enabled like this, I cannot go on.

    Thanks again

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    No, a PHP plugin does not come by default and it never will. That would be a massive security hole.

    If you can run PHP code in comments, then you somehow enabled that to happen.

    On the other hand, if you’re just not *seeing* the code in the comment after posting it, that doesn’t mean it’s actually running.

    Considering the weird code you keep posting, I’m not sure what you’re actually trying to accomplish with most of it. Try something like this instead:
    <?php phpinfo(); ?>

    That’ll tell you for certain whether or not your comments are running as PHP code. The phpinfo() command outputs a huge amount of information.

    Hello Otto,
    I really thank you especially, and the other friends, for your time and support.
    I tested
    <?php phpinfo(); ?> in a post as you suggested

    When I publish I see a blank page.
    You said it is normal.

    I think I know now the cause of this problem. I created it myself. I was trying to test WordPress with different levels of users at the same time on the same computer with a lot of WordPress pages and admin panels opened, and I think the folder permission settings changed because of that (I guess). So when I put in the above PHP code (it is the beginning of the profile.php file; I just copied and pasted it to test, so I had no special aim with it), my page's geometry became defective and the side menu was appearing at the bottom of the page. If I deleted this post, everything became normal. So I thought that the code was executed.

    I closed all the pages, changed the folder permissions, and then tested the users one by one with only one page open. Now the problem is gone.

    Thanks for your help.

    But I still wonder, why do I get a blank page when I write code? Is it possible to see everything exactly as I write it in the box?

    Moderator Samuel Wood (Otto)

    (@otto42) Admin

    I suspect that it’s simply cutting out the php code entirely, or it’s hidden by your browser because of the <> marks around it. I have not tested it much.

    Yeah – on my website it does the same thing. If someone posts PHP code in a comment (or if I do in a post), then it will appear as blank white space. In fact, if I go to moderate the comment, the PHP code is actually stripped completely so I can’t even fix what the commenter was trying to do (I had someone do that once, and I tried to fix it – that’s when I discovered this).

    It’s just because WordPress is set to *not* run PHP code that’s inserted – which *is* a *very* good thing, by the way – and since the browser doesn’t parse it anyway, then it just “goes away” (for lack of better terminology).

    As for seeing the actual text – *you* can do it yourself by replacing the “<” with "$laquo;" (hope that shows up! LOL) and then type in the rest of your PHP as needed. You have to replace them all, though – I know when I post code, I’ll put it in Notepad and then just do a find and replace so I don’t have to go through it line by line. Then copy and paste it into your entry field.

    But people can’t leave it in comments without similar trickery.
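
Why PHP typed into a comment can display as blank, and how escaping makes it visible as text: an added example, not part of the thread and not WordPress's own filtering code. It is plain PHP, and the function names and sample comments are constructed for illustration.

```php
<?php
// Added illustration in plain PHP; function names are hypothetical and this
// is not WordPress's own filtering code.

// Constructed samples standing in for text typed into a comment box.
$comments = [
    'Nice post, thanks!',
    'Test: <?php phpinfo(); ?> end',
    'Short echo tag: <?= 1 + 1 ?>',
];

// Flag content that contains a PHP opening tag, so a moderator can see
// which submissions were attempts to post code.
function contains_php_tag(string $text): bool
{
    return preg_match('/<\?(?:php\b|=)/i', $text) === 1;
}

// Removing tags: strip_tags() drops HTML and PHP tags, which is why the
// code can seem to have vanished from the stored comment.
function display_stripped(string $text): string
{
    return strip_tags($text);
}

// Escaping: "<" and ">" become entities, so the browser shows the code as
// literal text instead of hiding it as an unknown tag.
function display_escaped(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

foreach ($comments as $c) {
    // Every value here is a string. echo/printf write strings to the
    // output; they do not hand them back to the PHP interpreter.
    printf(
        "php tag: %-3s | stripped: %s | escaped: %s\n",
        contains_php_tag($c) ? 'yes' : 'no',
        display_stripped($c),
        display_escaped($c)
    );
}
```

Run it from the command line to compare the stripped and escaped forms of each sample side by side.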

    Thank you doodlebee, I feel comfortable now. Good Bye to you all

  • The topic ‘Disable PHP coding’ is closed to new replies.