Topic: Allow admin/moderators to embed PHP in posts?

Is there a way to do this in PunBB? A BBCode [php] tag perhaps that only gets parsed if the user has certain permissions?

Re: Allow admin/moderators to embed PHP in posts?

moved, it could not be a plugin.

Re: Allow admin/moderators to embed PHP in posts?

Cool. So I take it a Mod like hasn't been created yet?

Re: Allow admin/moderators to embed PHP in posts?

Correct: I'm curious though, why in the world would you want someone to be able to run arbitrary PHP on your server?

5

Re: Allow admin/moderators to embed PHP in posts?

For me ... I see one example smile

I can put inside a post FILMS from http://www.sortons.net/cinema/ I can put the list of the pubs, discotheques from http://www.sortons.net/ousortir ... I can copy/paste of course in CORE html ... but with this system, it's in real time.

6 (edited by shauninman 2005-09-21 14:32)

Re: Allow admin/moderators to embed PHP in posts?

Not anyone, just an Admin. I want to include a custom polling script. I'll be posting my mod in a few minutes. It's hairy but it works for me.

7

Re: Allow admin/moderators to embed PHP in posts?

As Rod said, one good use for this is posts which update themselves from content stored elsehwere e.g. a dynamically updated to do list, bug list or faq.

Re: Allow admin/moderators to embed PHP in posts?

Posted the mod here in case anyone is interested: http://punbb.org/forums/viewtopic.php?id=8862

9

Re: Allow admin/moderators to embed PHP in posts?

I dream ... the great shauninman, which gives me the love of CSS, is here ... ARGHHHHHHHHHH smile

(going see the mod)

Re: Allow admin/moderators to embed PHP in posts?

Paul wrote:

As Rod said, one good use for this is posts which update themselves from content stored elsehwere e.g. a dynamically updated to do list, bug list or faq.

Yeah, but when I read the post I was thinking about the security implications of mods (and even admins) being able to write arbitrary PHP tongue
The include makes me feel a bit better tongue

Re: Allow admin/moderators to embed PHP in posts?

You guys might be interested in the "chip-list" I embedded into a thread using this mod: http://www.haveamint.com/forum/viewtopic.php?id=336 Or maybe not. smile

12

Re: Allow admin/moderators to embed PHP in posts?

So I understand nothing smile I have changed my http://www.sortons.net/agenda_forum.php with 0% of HTML as you told to me ... and the result is http://www.sortons.net/forum/viewtopic.php?id=5012 (incredible to see the result OUTSIDE of the post)

or I see your topic ... and see a HTML TABLE !!! grrrrrrrrrrr ... where is the secret ? smile

13 (edited by shauninman 2005-09-23 03:01)

Re: Allow admin/moderators to embed PHP in posts?

Rod, the script you include cannot send any HTML to the browser. If you can view the page you are trying to include in a browser and you see any HTML then it's not going to work. All HTML must be added in string form to the $return variable. That $return variable is then inserted into the post text in place of the [inc] BBcode.

If you don't need the PunBB variables in your include script then you can create a proxy script that uses file_get_contents() to add the output of the script you are trying to include to the $return variable. My script piggybacks atop Pun's user permissions so I don't use this technique but it should work.

Example PunBB post:

This is my include:
[inc]/relative/path/to/proxy.php[/inc]

Example proxy.php script:

<?php $return = file_get_contents('http://www.yourdomain.com/path/to/include.php'); ?>

Example include.php:

I ? <?php echo 'PunBB'; ?>

Using this proxy should result in the your post looking like this:

This is my include:
I ? PunBB

Just make sure you use the full url for your include file in proxy.php. Using a relative one will result in the actual PHP source code being sent to the browser potentially exposing any database passwords contained within the script. Also, do not use a variable passed in by the query string to choose which file to include in proxy.php--that would open up a nasty security hole.

14 (edited by snoogly 2005-09-25 01:18)

Re: Allow admin/moderators to embed PHP in posts?

I tried the proxy method, and typed all pathes correctlt, but I failed to get the php file contents to load in the post. Viewing the page source in the browser showed only this :


<!-- ME -->

Also this error message: Undefined index: g_id in /home/(path to)/include/parser.php on line 308


Any idea what might have gone wrong?