You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think CKEditor is commonly used to allow users to easily create content.
This content is often saved to a database field, and later displayed by a CMS using PHP's echo/print.
Ignoring potential security risks for a moment, this Show Protected plug-in could allow users to include PHP files (with sliders, forms, whatever) anywhere on the page.
However, how can the content be displayed with the PHP code blocks parsed?
I've just discussed this on IRC for hours, and all the solutions I've read about seem problematic.
The only thing I can think of that would actually work is to use file_put_contents() to create a temporary file with the content, then use file_get_contents() to get it back parsed by PHP.
Possibly with eval(), DOM, output buffering, and whatnot.
Unless I'm completely missing something...
The text was updated successfully, but these errors were encountered:
I think CKEditor is commonly used to allow users to easily create content.
This content is often saved to a database field, and later displayed by a CMS using PHP's echo/print.
Ignoring potential security risks for a moment, this Show Protected plug-in could allow users to include PHP files (with sliders, forms, whatever) anywhere on the page.
However, how can the content be displayed with the PHP code blocks parsed?
I've just discussed this on IRC for hours, and all the solutions I've read about seem problematic.
The only thing I can think of that would actually work is to use file_put_contents() to create a temporary file with the content, then use file_get_contents() to get it back parsed by PHP.
Possibly with eval(), DOM, output buffering, and whatnot.
Unless I'm completely missing something...
The text was updated successfully, but these errors were encountered: