BACKUP FIRST
This module has one fundamental goal: To run Drupal with the php.ini setting disable_functions=eval. Even if an attacker takes over the site, there should be no way to take over the site via running arbitrary code or getting a WSOD because eval is disabled. Some functionality is not available when eval is disabled, for example ctools imports rely on it. Do those in a development environment.
The supplied drush script copies some PHP scripts from the database into a modulate.inc file placed in your settings directory (ie multisite is working). It also updates the database to remove PHP-related permissions, block visibility and more in the future.
1.0 takes over PHP block visiblity, 1.1 takes over Views global text area, default argument and argument validation. 1.2 deals with custom block content and nodes. 1.3 is disabling a lot of functionality that can not be overridden.
Useful bug reports of course welcome but if your site breaks, you get to keep both parts. You are supposed to know what you are doing if you run a drush command that generates a module.
Note: eval is a language construct and can not be disabled. Pity. The module is useful for speedup, still.
Downloads
Project Information
- Maintenance status: Seeking new maintainer
- Development status: No further development
- Downloads: 266
- Last modified: March 28, 2013
