This project is not covered by Drupal’s security advisory policy.
BACKUP FIRST
This module has one fundamental goal: to run Drupal with the php.ini setting disable_functions=eval. Even if an attacker takes over the site, there should be no way to take over the site via running arbitrary code or getting a WSOD because eval is disabled. Some functionality is not available when eval is disabled, for example ctools imports rely on it. Do those in a development environment.
The supplied drush script copies some PHP scripts from the database into a modulate.inc file placed in your settings directory (i.e. multisite is working). It also updates the database to remove PHP-related permissions and block visibility, with more to come in the future.
1.0 takes over PHP block visibility, 1.1 takes over Views global text area, default argument and argument validation. 1.2 deals with custom block content and nodes. 1.3 disables a lot of functionality that cannot be overridden.
Useful bug reports of course welcome but if your site breaks, you get to keep both parts. You are supposed to know what you are doing if you run a drush command that generates a module.
Note: eval is a language construct and can not be disabled. Pity. The module is useful for speedup, still.
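The note above can be checked on any PHP runtime. The script below is an added example, not part of the module or its drush script: it splits a disable_functions value into names PHP can act on and names that are language constructs, then tests whether eval still executes. The function names and the partial construct list are assumptions made for this illustration.

```php
<?php
// Added example (not the module's code): audit a disable_functions value.
// Run as: php -d disable_functions=eval,exec audit.php

// Partial list (assumed for illustration) of PHP language constructs.
// They are not functions, so listing them in disable_functions has no effect.
const LANGUAGE_CONSTRUCTS = [
    'eval', 'include', 'include_once', 'require', 'require_once',
    'echo', 'print', 'isset', 'unset', 'empty',
];

/** Split a disable_functions value into effective and ignored names. */
function audit_disable_functions(string $directive): array
{
    $names = array_map('trim', explode(',', strtolower($directive)));
    $names = array_values(array_filter($names, 'strlen'));
    return [
        'effective' => array_values(array_diff($names, LANGUAGE_CONSTRUCTS)),
        'ignored'   => array_values(array_intersect($names, LANGUAGE_CONSTRUCTS)),
    ];
}

/** Return true if eval still runs code in this runtime. */
function eval_still_works(): bool
{
    try {
        return eval('return 1 + 1;') === 2;
    } catch (Throwable $e) {
        return false;
    }
}

// Constructed sample value, used when the runtime has nothing configured.
$directive = (string) ini_get('disable_functions');
if ($directive === '') {
    $directive = 'eval, exec';
}

$report = audit_disable_functions($directive);
echo 'Checked value: ', $directive, PHP_EOL;
echo 'Names PHP can disable: ', implode(', ', $report['effective']) ?: '(none)', PHP_EOL;
echo 'Language constructs (entry has no effect): ',
    implode(', ', $report['ignored']) ?: '(none)', PHP_EOL;
echo 'eval still executes: ', eval_still_works() ? 'yes' : 'no', PHP_EOL;
```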
Project information
- Seeking new maintainer
  The current maintainers are looking for new people to take ownership.
- No further development
  No longer developed by its maintainers.
- Created by chx on , updated
- This project is not covered by the security advisory policy.
  Use at your own risk! It may have publicly disclosed vulnerabilities.