This project is not covered by Drupal’s security advisory policy.


BACKUP FIRST

This module has one fundamental goal: To run Drupal with the php.ini setting disable_functions=eval. Even if an attacker takes over the site, there should be no way to take over the site via running arbitrary code or getting a WSOD because eval is disabled. Some functionality is not available when eval is disabled, for example ctools imports rely on it. Do those in a development environment.

The supplied drush script copies some PHP scripts from the database into a modulate.inc file placed in your settings directory (ie multisite is working). It also updates the database to remove PHP-related permissions, block visibility and more in the future.

1.0 takes over PHP block visiblity, 1.1 takes over Views global text area, default argument and argument validation. 1.2 deals with custom block content and nodes. 1.3 is disabling a lot of functionality that can not be overridden.

Useful bug reports of course welcome but if your site breaks, you get to keep both parts. You are supposed to know what you are doing if you run a drush command that generates a module.

Note: eval is a language construct and can not be disabled. Pity. The module is useful for speedup, still.

Project information

  • caution Seeking new maintainer
    The current maintainers are looking for new people to take ownership.
  • caution No further development
    No longer developed by its maintainers.
  • Created by chx on , updated
  • shield alertThis project is not covered by the security advisory policy.
    Use at your own risk! It may have publicly disclosed vulnerabilities.

Releases