- Patch #46941 by Zen and Ber: move PHP input filter to dedicated module.

3 files changed, 108 insertions, 0 deletions

diff --git a/modules/php/php.info b/modules/php/php.info
new file mode 100644
index 000000000..712f540a1
--- /dev/null
+++ b/modules/php/php.info
@@ -0,0 +1,5 @@
+; $Id$
+name = PHP filter
+description = Allows embedded PHP code/snippets to be evaluated.
+package = Core - optional
+version = VERSION
diff --git a/modules/php/php.install b/modules/php/php.install
new file mode 100644
index 000000000..d5ee4d8bd
--- /dev/null
+++ b/modules/php/php.install
@@ -0,0 +1,29 @@
+<?php
+// $Id$
+
+/**
+ * Implementation of hook_install().
+ */
+function php_install() {
+  $format_exists = db_result(db_query("SELECT COUNT(*) FROM {filter_formats} WHERE name = 'PHP code'"));
+  // Add a PHP code input format, if it does not exist. Do this only for the
+  // first install (or if the format has been manually deleted) as there is no
+  // reliable method to identify the format in an uninstall hook or in
+  // subsequent clean installs.
+  if (!$format_exists) {
+    db_query("INSERT INTO {filter_formats} (name, roles, cache) VALUES ('PHP code', '', 0)");
+    $format = db_result(db_query("SELECT MAX(format) FROM {filter_formats}"));
+
+    // Enable the PHP evaluator filter.
+    db_query("INSERT INTO {filters} (format, module, delta, weight) VALUES (%d, 'php', 0, 0)", $format);
+
+    drupal_set_message(t('A !php-code input format has been created.', array('!php-code' => l('PHP code', 'admin/settings/filters/'. $format))));
+  }
+}
+
+/**
+ * Implementation of hook_disable().
+ */
+function php_disable() {
+  drupal_set_message(t('The PHP module has been disabled. Please note that any existing content that was using the PHP filter will now be visible in plain text. This might pose a security risk by exposing sensitive information, if any, used in the PHP code.'));
+}
diff --git a/modules/php/php.module b/modules/php/php.module
new file mode 100644
index 000000000..fb6953cec
--- /dev/null
+++ b/modules/php/php.module
@@ -0,0 +1,74 @@
+<?php
+// $Id$
+
+/**
+ * @file
+ * Additional filter for PHP input.
+ */
+
+
+/**
+ * Implementation of hook_help().
+ */
+function php_help($section) {
+  switch ($section) {
+    case 'admin/help#php':
+      return t('Adds a filter option to include PHP in content.');
+  }
+}
+
+/**
+ * Implementation of hook_filter_tips().
+ */
+function php_filter_tips($delta, $format, $long = false) {
+  global $base_url;
+  if ($delta == 0) {
+    switch ($long) {
+      case 0:
+        return t('You may post PHP code. You should include &lt;?php ?&gt; tags.');
+      case 1:
+        return t('
+<h4>Using custom PHP code</h4>
+<p>If you know how to script in PHP, Drupal gives you the power to embed any script you like. It will be executed when the page is viewed and dynamically embedded into the page. This gives you amazing flexibility and power, but of course with that comes danger and insecurity if you don\'t write good code. If you are not familiar with PHP, SQL or with the site engine, avoid experimenting with PHP because you can corrupt your database or render your site insecure or even unusable! If you don\'t plan to do fancy stuff with your content then you\'re probably better off with straight HTML.</p>
+<p>Remember that the code within each PHP item must be valid PHP code - including things like correctly terminating statements with a semicolon. It is highly recommended that you develop your code separately using a simple test script on top of a test database before migrating to your production environment.</p>
+<p>Notes:</p><ul><li>You can use global variables, such as configuration parameters, within the scope of your PHP code but remember that global variables which have been given values in your code will retain these values in the engine afterwards.</li><li>register_globals is now set to <strong>off</strong> by default. If you need form information you need to get it from the "superglobals" $_POST, $_GET, etc.</li><li>You can either use the <code>print</code> or <code>return</code> statement to output the actual content for your item.</li></ul>
+<p>A basic example:</p>
+<blockquote><p>You want to have a box with the title "Welcome" that you use to greet your visitors. The content for this box could be created by going:</p>
+<pre>
+print t("Welcome visitor, ... welcome message goes here ...");
+</pre>
+<p>If we are however dealing with a registered user, we can customize the message by using:</p>
+<pre>
+global $user;
+if ($user->uid) {
+  print t("Welcome $user->name, ... welcome message goes here ...");
+}
+else {
+  print t("Welcome visitor, ... welcome message goes here ...");
+}
+</pre></blockquote>
+<p>For more in-depth examples, we recommend that you check the existing Drupal code and use it as a starting point, especially for sidebar boxes.</p>');
+    }
+  }
+}
+
+/**
+ * Implementation of hook_filter(). Contains a basic PHP evaluator.
+ *
+ * Executes PHP code. Use with care.
+ */
+function php_filter($op, $delta = 0, $format = -1, $text = '') {
+  switch ($op) {
+    case 'list':
+      return array(0 => t('PHP evaluator'));
+    case 'no cache':
+      // No caching for the PHP evaluator.
+      return $delta == 0;
+    case 'description':
+      return t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!');
+    case 'process':
+      return drupal_eval($text);
+    default:
+      return $text;
+  }
+}