put PHP-validators into optional include file
killes@www.drop.org - November 3, 2008 - 09:41
| Project: | Validation API |
| Version: | 6.x-1.x-dev |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Jump to:
Description
I'd like to be able to use the validation API without allowing anybody to add PHP code through the UI. I consider this a security problem. It would be nice if you could follow core and put this functionality (which some people still will like) into an optional sub-.module (similar to php.module in core).
#1
Also, you should make sure that people cannot use the /e modifier for regexps if the php-submodule is not enabled.
#2
Separating the PHP functionality out of the module would have been a lot of work. So, for the first release I decided to just create permissions for inputting PHP validators. Also, they will not be allowed to use /e regex modifier if they are not permitted to input PHP validators.
I may be interested in separating the php functionality into a separate module for 2.0, so I will keep this issue active for now.