Title: dacilbf's Replies | WordPress.org

---

# dacilbf

  [  ](https://wordpress.org/support/users/dacilbf/)

 *   [Profile](https://wordpress.org/support/users/dacilbf/)
 *   [Topics Started](https://wordpress.org/support/users/dacilbf/topics/)
 *   [Replies Created](https://wordpress.org/support/users/dacilbf/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/dacilbf/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/dacilbf/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/dacilbf/engagements/)
 *   [Favorites](https://wordpress.org/support/users/dacilbf/favorites/)

 Search replies:

## Forum Replies Created

Viewing 4 replies - 1 through 4 (of 4 total)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Code Snippets] PHP and Security](https://wordpress.org/support/topic/php-and-security/)
 *  Thread Starter [dacilbf](https://wordpress.org/support/users/dacilbf/)
 * (@dacilbf)
 * [3 months, 1 week ago](https://wordpress.org/support/topic/php-and-security/#post-18867685)
 * Hello,
 * Thank you for raising this — it touches on something we deal with directly in
   our own setup.
 * We run a WordPress Multisite network in an educational environment where each
   site is managed by a teacher who holds the Administrator role on their individual
   site (but not Super Admin privileges). This is a fairly common pattern in education,
   and it introduces a specific risk that goes beyond the standard single-site scenario.
 * Even though the Code Snippets plugin correctly requires the manage_options capability—
   which in a standard single site would limit access to trusted admins — in a Multisite
   context, every site administrator inherently has manage_options on their own 
   site. This means that any teacher, regardless of their technical background, 
   can create and execute arbitrary PHP code within their site’s context.
 * In practice, we have seen cases where well-intentioned but inexperienced users
   add PHP snippets copied from tutorials or forums without fully understanding 
   the implications: snippets that make external HTTP requests, expose server-side
   information, bypass caching layers, or introduce logic errors that break the 
   site entirely.
 * The risk is not necessarily malicious intent — it is the combination of broad
   PHP execution capability with limited technical knowledge.
 * For this reason, a role-based or capability-based option to disable PHP snippet
   execution specifically (while still allowing CSS and JS) would be extremely valuable
   in Multisite environments. A Super Admin toggle to restrict PHP snippets network-
   wide — or per site — would address exactly this gap.
 * We hope this use case is helpful context for future development considerations.
 * Thank you.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WP Cassify] PHP8-compatible version in git repository.](https://wordpress.org/support/topic/php8-compatible-version-in-git-repository/)
 *  [dacilbf](https://wordpress.org/support/users/dacilbf/)
 * (@dacilbf)
 * [2 years, 1 month ago](https://wordpress.org/support/topic/php8-compatible-version-in-git-repository/#post-17757311)
 * Hi!
 * When I have debug mode active I see this message:
 * PHP Deprecated: parse_str(): Passing null to parameter #1 ($string) of type string
   is deprecated in wp-content/plugins/wp-cassify/classes/wp_cassify_utils.php on
   line 143
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[Authorizer] Login in WordPress](https://wordpress.org/support/topic/login-in-wordpress-2/)
 *  Thread Starter [dacilbf](https://wordpress.org/support/users/dacilbf/)
 * (@dacilbf)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/login-in-wordpress-2/#post-17398946)
 * hello, thank you very much for your reply.
 * Yes, I have the option “Redirect immediately to login form via CAS.
 * It is only external service enabled and WordPress logins are hidden.” In the 
   advanced options I have active “Hide WordPress login form” .
 * The problem is random. Users display their blog correctly, but when they try 
   to access the blog by clicking on the “Login” button after putting their credentials
   in the cas they return to the page where they were previously without being able
   to access the blog.
   After several attempts they are able to access.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WP Cassify] PHP8-compatible version in git repository.](https://wordpress.org/support/topic/php8-compatible-version-in-git-repository/)
 *  [dacilbf](https://wordpress.org/support/users/dacilbf/)
 * (@dacilbf)
 * [2 years, 5 months ago](https://wordpress.org/support/topic/php8-compatible-version-in-git-repository/#post-17372208)
 * Hi. Does it work with php 8.1? Have you detected any problems in these months?

Viewing 4 replies - 1 through 4 (of 4 total)