Enhancement request.System Tweaks module “PHP in Plugins”

  • forumaad

    (@forumaad)


    5 years, 11 months ago

    Enhancement request that offers anyone the flexibility to add/remove exceptions to the System Tweaks module “PHP in Plugins” feature from the iTSec plugin Dashboard UI.
    And/or provide a filter that other plugin developers can hook into.
    In the current version, some plugins stop working correctly with the option “Disable PHP in Plugins” turned on.
    Adding a list of php files to which you can add exceptions would solve this problem.

Viewing 3 replies - 1 through 3 (of 3 total)
  • nlpro

    (@nlpro)

    5 years, 11 months ago

    First of all we should all understand this specific iTSec plugin feature writes an entry to the .htaccess file (on Apache).

    Why not request the author of the conflicting plugin to stop accessing plugin .php files through the web server. Is it really necessary ? If so, why ?

    To prevent any confusion, I’m not iThemes.

    Thread Starter forumaad

    (@forumaad)

    5 years, 11 months ago

    Just need the option where you can make a list of exceptions.
    many plugins for direct work with users will not be able to work. Such as push notification plugins
    ex.
    https://documentation.onesignal.com/docs/troubleshooting-wordpress-web-push#ithemes-security-plugin

    nlpro

    (@nlpro)

    5 years, 11 months ago

    Ok, so it looks like the OneSignal plugin uses .php file(s) as an external javascript source. If the ONESIGNAL_DEBUG and ONESIGNAL_LOCAL constants are defined a local SDK .js file is used, otherwise a remote (worker) SDK .js file is used.
    IMHO this can easily be refactored into a solution that does not require php execution from the plugins folder.

    From a security point of view I feel more comfortable with preventing ALL php execution from the plugins folder. Also less administration for us … 😉

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Enhancement request.System Tweaks module “PHP in Plugins”’ is closed to new replies.