It's possible to "break" a large part (or all) of a Drupal site by entering incorrect php code in a block configuration. To quote from the text on the block configuration page:

"Note that executing incorrect PHP-code can break your Drupal site."

For example, select the "Show if the following PHP code returns TRUE (PHP-mode, experts only)." and then enter:

<?php
somethingthatwontwork_fatal();
?>

This will break the parts of the site that use this block until you do something like this query: "update blocks set pages = '' where delta = "

Inserting the same code into a single node simple makes that node impossible to view and you can delete the node from the admin/node interface.

Possible solutions are executing drupal_eval before saving the item (basically a forced preview for any php input format)

I'm not sure there's really a better solution than the one we've got (stern warnings).

php_check_syntax (and/or cli version php -l) could be used to validate the code without saving it AND without actually evaluating it, except that they are not available on most hosts.

Perhaps we just have to wait and hope for php_check_syntax to be supported in PHP6.

Comments

lilou’s picture

lilou commented
Version: x.y.z » 7.x-dev

+1 but for technical reasons, php_check_syntax() is deprecated and removed from PHP.

Some PHP code exist : see http://us3.php.net/manual/en/function.php-check-syntax.php#82448

jody lynn’s picture

jody lynn
she/her
Primary language English
commented
Version: 7.x-dev » 8.x-dev
Component: base system » php.module
swentel’s picture

swentel commented
Project: Drupal core » PHP
Version: 8.x-dev » 8.x-1.x-dev
Component: php.module » Code
anybody’s picture

anybody
Primary language German
Location Porta Westfalica
commented
Issue summary: View changes

I agree this would make a lot of sense. Does symfony perhaps provide a syntax checker?