Why can't we use PHP code in modules or articles?
Why not simply allow PHP code in articles/modules, by providing an option in Joomla?
Or provide us with a way to do this without using extensions, by means of documentation, because I cannot find anywhere to start…
Labels | Added: J4 Issue |
Status | New | ⇒ | Closed |
Closed_Date | 0000-00-00 00:00:00 | ⇒ | 2019-08-05 17:58:33 |
Closed_By | ⇒ | alikon |
Closed_By | alikon | ⇒ | joomla-cms-bot |
Set to "closed" on behalf of @alikon by The JTracker Application at issues.joomla.org/joomla-cms/25783
Because it opens your web site to any number of security vulnerabilities
Sounds very stupid… as the same applies for
And guess what? We can embed PHP code in them… So these open our web sites to any number of security vulnerabilities…
There are several extensions available at https://extensions.joomla.org that will let you do this
I did not ask for extensions, but at least for some documentation…
Seems I will waste my time figuring out how it works.
And guess what? We can embed PHP code in them… So these open our web sites to any number of security vulnerabilities…
Only Super-Administrators can install extensions or edit template files. If you can't trust those users, then all is lost anyway.
For all other users, there is no way to embed PHP code for security reasons. If you allow them to run PHP code, then you can as well give them full access to your server.
So if you really need that feature, you need to find some extension which allows that and you seriously need to make sure only users which you trust blindly are allowed to use it.
It certainly will never be part of core.
Did you know that Joomla provides ACL? (sure you know…)
We could use ACL to enable selected users ONLY to embed PHP code… like, by default, Super-Administrators etc…
You don't understand.
As soon as you allow a non-Super-Admin to add PHP code to e.g. an article, that user can elevate himself to Super-Admin. Or he can do even worse stuff.
ACL doesn't help you there at all. There is no safeguard left once you can run your own PHP code.
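An illustration of the point made in the comment above, added here and not part of the original thread or of Joomla's code: a toy model in which the ACL table and the content renderer share one PHP process, so content that is evaluated as code can rewrite the data the ACL check reads, while content rendered as data cannot. The users, rules and function names are all hypothetical.

```php
<?php
// Toy model constructed for illustration; not Joomla code and not its API.
// The point: ACL data lives in the same PHP process that renders content.

$groups = ['alice' => 'Super Users', 'bob' => 'Author']; // constructed users

// Hypothetical ACL check: may $user perform $action?
function can(array $groups, string $user, string $action): bool
{
    $rules = [
        'install_extension' => ['Super Users'],
        'edit_article'      => ['Super Users', 'Author'],
    ];
    return in_array($groups[$user] ?? '', $rules[$action] ?? [], true);
}

// Content treated as data: PHP tags are escaped and shown as text.
function renderAsData(string $body): string
{
    return htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

// Content treated as code: runs with everything the application can reach,
// here the $groups table that can() consults.
function renderWithEval(string $body, array &$groups): string
{
    ob_start();
    eval('?>' . $body);
    return ob_get_clean();
}

// Constructed article body, as saved by a user granted PHP-embedding rights.
$article = 'Hello <?php $groups["bob"] = "Super Users"; ?>';

$report = [];
$report['before']       = can($groups, 'bob', 'install_extension');
$report['html_as_data'] = renderAsData($article);
$report['after_data']   = can($groups, 'bob', 'install_extension');
$report['html_as_code'] = renderWithEval($article, $groups);
$report['after_eval']   = can($groups, 'bob', 'install_extension');

var_export($report);
echo PHP_EOL;
```

Run with the PHP CLI; the three ACL results in the report show whether each rendering mode left the permission check intact.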
You waste my time… Read my posts again and again, until you are able to understand what I mean.
Everything you wrote is stupid as:
Now, as you are too psychorigid for me, I will not waste my time anymore with you on this topic. I am done with it, and I am close to finding my solution.
I am sure you will share such a solution by proposing a PR.
In the meanwhile, it would be much appreciated if you stopped using insults towards anyone in this repo. Thanks.
@vintzl could you please calm down and be a bit more friendly. Everyone here tries to make Joomla better. Adding the possibility to execute PHP code will lead to security problems for inexperienced users. As a power user you are able to simply install an extension that can do this. If you really want it simple you can even do this with a template override and set the filter to raw on mod_custom. Then you have done it with core.
But giving this to an end user would only lead to security problems. And no, filtering PHP code is not trivial.
OK, I am sorry if anyone was offended.