Code coverage for /20080809/modules/php/php.module

<?php
// $Id: php.module,v 1.10 2008/04/14 17:48:41 dries Exp $
/**
 * @file
 * Additional filter for PHP input.
 */
/**
 * Implementation of hook_help().
 *
 * Returns the HTML help text for the 'admin/help#php' page. Any other $path
 * produces no return value. $arg belongs to the hook signature and is not
 * read here.
 *
 * The text doubles as the module's security guidance: permission to use the
 * PHP filter lets a user run PHP code on the site, so it states that only the
 * most trusted users should hold that permission and that all code added
 * through the filter should be examined before use.
 */
function php_help($path, $arg) {
  // Loose comparison on purpose: it is how the switch statement matched $path.
  if ($path != 'admin/help#php') {
    return;
  }

  // NOTE(review): line breaks inside the t() strings are reproduced exactly as
  // this listing prints them. They may be display wrapping added by the
  // coverage report -- confirm against the module file before relying on the
  // exact translation source strings.
  $paragraphs = array(
    t('The PHP filter adds the ability to include PHP
code in posts. PHP is a general-purpose scripting language widely-used for
web development; the content management system used by this website has
been developed using PHP.'),
    t('Through the PHP filter, users with the proper
permission may include custom PHP code within a page of the site. While
this is a powerful and flexible feature if used by a trusted user with PHP
experience, it is a significant and dangerous security risk in the hands of
a malicious user. Even a trusted user may accidentally compromise the site
by entering malformed or incorrect PHP code. Only the most trusted users
should be granted permission to use the PHP filter, and all PHP code added
through the PHP filter should be carefully examined before use.'),
    t('<a href="@drupal">Drupal.org</a> offers <a
href="@php-snippets">some example PHP snippets</a>, or you can create your
own with some PHP experience and knowledge of the Drupal system.', array(
      '@drupal' => url('http://drupal.org'),
      '@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'),
    )),
    // Unlike the links above, this handbook URL is passed to t() directly
    // rather than through url().
    t('For more information, see the online handbook
entry for <a href="@php">PHP module</a>.', array(
      '@php' => 'http://drupal.org/handbook/modules/php/',
    )),
  );

  // Every paragraph is wrapped in its own <p>...</p> pair.
  return '<p>' . implode('</p><p>', $paragraphs) . '</p>';
}
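/**
 * Implementation of hook_filter_tips().
 *
 * Returns guidance for the filter with delta 0: a one-line tip when $long
 * compares equal to 0 (the default FALSE does), or a full HTML guide when
 * $long compares equal to 1. Any other $delta or $long value produces no
 * return value. $format is not read here.
 *
 * The long guide is the warning shown to people who can post PHP: embedded
 * code is described as a significant security risk, a small mistake may
 * compromise the site, and custom code is better kept in a site-specific
 * module or template.php than in a post or block. It also notes that when the
 * module is disabled or deleted, embedded PHP may be displayed rather than
 * executed, so stored code can become visible to readers of that content.
 */
function php_filter_tips($delta, $format, $long = false) {
  // The original declared "global $base_url" but never read it; the unused
  // declaration is dropped.

  // Loose comparisons are kept so the branches match the original
  // if/switch behaviour for every input.
  if ($delta != 0) {
    return;
  }

  // NOTE(review): line breaks inside the t() strings are reproduced exactly as
  // this listing prints them. They may be display wrapping added by the
  // coverage report -- confirm against the module file before relying on the
  // exact translation source strings.
  if ($long == 0) {
    return t('You may post PHP code. You should include &lt;?php ?&gt;
tags.');
  }
  if ($long != 1) {
    return;
  }

  $output = '<h4>' . t('Using custom PHP code') . '</h4>';
  $output .= '<p>' . t('Custom PHP code may be embedded in some types
of site content, including posts and blocks. While embedding PHP code
inside a post or block is a powerful and flexible feature when used by a
trusted user with PHP experience, it is a significant and dangerous
security risk when used improperly. Even a small mistake when posting PHP
code may accidentally compromise your site.') . '</p>';
  $output .= '<p>' . t('If you are unfamiliar with PHP, SQL, or
Drupal, avoid using custom PHP code within posts. Experimenting with PHP
may corrupt your database, render your site inoperable, or significantly
compromise security.') . '</p>';
  $output .= '<p>' . t('Notes:') . '</p>';

  // Bullet list of usage notes; each entry becomes one <li>.
  $notes = array(
    t('Remember to double-check each line for
syntax and logic errors <strong>before</strong> saving.'),
    t('Statements must be correctly terminated with
semicolons.'),
    t('Global variables used within your PHP code
retain their values after your script executes.'),
    t('<code>register_globals</code> is
<strong>turned off</strong>. If you need to use forms, understand and use
the functions in <a href="@formapi">the Drupal Form API</a>.', array(
      '@formapi' => url('http://api.drupal.org/api/group/form_api/7'),
    )),
    t('Use a <code>print</code> or
<code>return</code> statement in your code to output content.'),
    t('Develop and test your PHP code using a
separate test script and sample database before deploying on a production
site.'),
    t('Consider including your custom PHP code
within a site-specific module or <code>template.php</code> file rather than
embedding it directly into a post or block.'),
    t('Be aware that the ability to embed PHP code
within content is provided by the PHP Filter module. If this module is
disabled or deleted, then blocks and posts with embedded PHP may display,
rather than execute, the PHP code.'),
  );
  $output .= '<ul><li>' . implode('</li><li>', $notes) . '</li></ul>';

  $output .= '<p>' . t('A basic example: <em>Creating a "Welcome"
block that greets visitors with a simple message.</em>') . '</p>';

  // Two sample snippets, shown to the reader inside <pre> blocks. They are
  // single-quoted strings, so "$user" below is literal text, not a variable.
  // The second sample sends the user name through an @-placeholder;
  // NOTE(review): Drupal documents @-placeholders in t() as HTML-escaped --
  // confirm for the core version in use.
  $examples = array(
    t('<p>Add a custom block to your site,
named "Welcome" . With its input format set to "PHP code" (or another
format supporting PHP input), add the following in the Block body:</p>
<pre>
print t(\'Welcome visitor! Thank you for visiting.\');
</pre>'),
    t('<p>To display the name of a registered user,
use this instead:</p>
<pre>
global $user;
if ($user->uid) {
  print t(\'Welcome @name! Thank you for visiting.\', array(\'@name\' =>
$user->name));
}
else {
  print t(\'Welcome visitor! Thank you for visiting.\');
}
</pre>'),
  );
  $output .= '<ul><li>' . implode('</li><li>', $examples) . '</li></ul>';

  $output .= '<p>' . t('<a href="@drupal">Drupal.org</a> offers <a
href="@php-snippets">some example PHP snippets</a>, or you can create your
own with some PHP experience and knowledge of the Drupal system.', array(
    '@drupal' => url('http://drupal.org'),
    '@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'),
  )) . '</p>';

  return $output;
}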
/**
 * Implementation of hook_filter(). Contains a basic PHP evaluator.
 *
 * Executes PHP code. Use with care.
 *
 * Behaviour by $op:
 * - 'list': returns the one filter this module provides, keyed 0.
 * - 'no cache': returns TRUE when $delta is 0 (no caching for the evaluator).
 * - 'description': returns the administrator-facing description.
 * - 'process': passes $text to drupal_eval() and returns its result.
 * - any other value: returns $text unchanged.
 *
 * SECURITY: the 'process' branch evaluates the submitted text as PHP, so
 * anyone who can author content in an input format that includes this filter
 * can run code on the site. Nothing in this function checks $delta, $format
 * or the author for that branch; presumably access is decided by the
 * input-format and permission configuration of the caller -- verify. Keep
 * formats that use this filter limited to administrators, as the description
 * string below says, and review stored content that relies on it.
 */
function php_filter($op, $delta = 0, $format = -1, $text = '') {
  // Loose comparisons throughout, matching how the switch statement
  // compared $op.
  if ($op == 'list') {
    return array(0 => t('PHP evaluator'));
  }

  if ($op == 'no cache') {
    // No caching for the PHP evaluator.
    return $delta == 0;
  }

  if ($op == 'description') {
    // NOTE(review): the line break inside this string is reproduced as the
    // listing prints it; it may be display wrapping -- confirm against the
    // module file.
    return t('Executes a piece of PHP code. The usage of this filter
should be restricted to administrators only!');
  }

  if ($op == 'process') {
    // Evaluates content-supplied text as code: this is the module's purpose,
    // and it is the reason the filter must only be reachable by trusted users.
    return drupal_eval($text);
  }

  // Every other operation leaves the text untouched.
  return $text;
}