By Zyava on

I'm trying to create module which allow users with appropriate permissions enter php code in any input/textarea and save to db. That code must be evaluated in that place where some module extracts it from db and print it on page.

Problem is that I don't know variable name which will contain that code in some module. When I know variable name I can evaluate code in that variable in hook_preprocess_page(). But maybe I can do this in other way?

Can anybody advice something?

Categories: Drupal 6.x

Comments

dman’s picture

dman commented

I'm not sure I understand the question, but...
Are you having trouble enabling the php input filter?

in admin - modules - core:optional [PHP filter]
And admins (and those you give permissions to - be VERY careful) can insert echo "any code"; into their node body. When using the selected input format.
Careful not to use it at the same time as a WYSIWYG though.

.dan. is the New Zealand Drupal Developer working on Government Web Standards

nevets’s picture

nevets commented

You can enable the PHP filter (standard module) and grant permission to a role to use. At that point people with the correct role can create content of type page and use PHP. Note that this in an avenue for possible problems.

Zyava’s picture

Zyava commented

Of course I know about PHP filter. But It allows enter php code only in node body. I want let user enter php code anywhere. For example, some module (A) has input/textarea (B) for description of smth. I want create module which allows user (with appropriate permissions) enter php code in that input/textarea (B). Then that 'some module' (A) uses text which user enter in that input/textarea (B) in some place (C). But user entered php code in that input/textarea (B). I want evaluate php code in that place (C). I hope you understand me now.

dman’s picture

dman commented

The OP didn't seem to be aware of the way php filter can be used.
When adding the textfield - if doing it with CCK - you can select if the textarea is plain or uses input filters. It needn't apply to just body fields.
If adding the textfield some other way ??? then the module must apply the php processing itself at node-prepare time, eg by invoking the php filter manually on that text when preparing it for output. You'll need to do your own security checks if trying that.
You can probably find examples in node.module
node.pages.inc


  $form['body'] = array(
    '#type' => 'textarea',
    '#title' => check_plain($label),
    '#default_value' => $include ? $node->body : ($node->teaser . $node->body),
    '#rows' => 20,
    '#required' => ($word_count > 0),
  );

  $form['format'] = filter_form($node->format);

node_prepare()

    $node->body = check_markup($node->body, $node->format, FALSE);

.dan. is the New Zealand Drupal Developer working on Government Web Standards

vitzo.com’s picture

vitzo.com commented

The OP means that he wants to use PHP in standard Drupal textfields, such as the name of a menu or title of a node. Might this be possible by integrating with the Forms API at some level?

dman’s picture

dman commented

OP said textareas not textfields, and many Drupal textareas can have PHP enabled for them. But if you want to do it for textfields as well, the same process can be applied, using hook_nodapi('prepare') as in the example above.
It's hell to edit PHP in a textfield though.

It cannot be done through Form API, as form API does not do the rendering, just the input. You normally want the PHP to be run at render time to produce the dynamic result you are looking for.
To modify the output, you have to do it via either nodeapi hooks or the theme layer.

I'd question whether this task, whatever it is, may actually benefit from using token or computed_field instead.

.dan. is the New Zealand Drupal Developer working on Government Web Standards