Closed (fixed)
Project:
Customerror
Version:
5.x-1.1
Component:
User interface
Priority:
Normal
Category:
Support request
Assigned:
Unassigned
Reporter:
Created:
1 Nov 2007 at 10:03 UTC
Updated:
1 Nov 2007 at 18:02 UTC
The checkmark of "Allow PHP code to be executed [...]" currently has the following advice added to it:
This allows you to include PHP code (enclosed in php tags) for the 403 (access denied) message. Note that this can be dangerous in some situations. Make sure that you are aware of the implications.
What are the implications, anyway? Is this a warning concerning bad php code only or about a noteworthy security hole?
If it's a larger issue, a link pointing to a drupal.org node discussing it would come in handy. Right inside the interface. Next to the warning.
Comments
Comment #1
kbahey commentedBy writing your own PHP you can open up security holes in the site unintentionally.
See examples here http://drupal.org/writing-secure-code