I created a beguiling bug because my allowed_options_php code used a variable, natural to the problem domain, of "$options".
... woops.

Would be better if the eval happened in a different scope and tried to avoid collisions.

patch suggests a way to do it. includes handling of (non-php) allowed options for code-clarity.

CommentFileSizeAuthor
diff.diff1.77 KBginkgomzd

Comments

haydeniv’s picture

Status: Active » Needs review

Issues with patches should be Needs review or Needs work so they are easier to locate in the issue queue.

Although convenient, storing PHP code in the database is very dangerous just like you have found and can quickly trash your site where you have to edit the database directly to fix it. I'm actually considering removing that option all together and forcing people to use a custom module with instructions for that feature.

haydeniv’s picture

Version: 7.x-2.9 » 7.x-3.x-dev
Status: Needs review » Fixed

Went ahead and applied this: 7220527
Thanks!

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.