<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Yes, I see.<div><br></div><div>Thanks for your comments, I'll bear them in mind.</div><div><br></div><div>Thanks again for your help.</div><div><br></div><div>Regards</div><div><br></div><div>Emma</div><div><br></div><div><div><div>On 9 Oct 2009, at 13:06, Shai Gluskin wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">Emma,<br><br>What I meant is that other authenticated users shouldn't be able to input php. Typically only user/1 would be able to enter php and even some people recommend that the php input module be turned off and that all php should be in the code base and not stored in the database.<br>
<br>So let's say you developed the site and then handed off the site to content administrators, you wouldn't want those content administrators to be able to edit fields that have the php input filter turned on. That means they wouldn't have any editorial control over that node (other than editing the contents of the embedded node) without contacting you. OR, you'd have to give them permission to edit php filter-enabled nodes, and then you'd have the vulnerability.<br>
<br>But if you are the sole editor of the site and you aren't planning on creating other editor/admin roles, then the snippet approach is fine.<br><br>When developing a site it's always a good idea to think about maintenance of the site and the future of the site even while you are building the site now.<br>
<br>I was just on a webinar with Drupal security guru Greg Knaddison. One of the things that his firm does is security audits of Drupal sites. He said that the vast majority of the problems they find are with custom code. I know those snippets that Luca shared are really basic. But one misplaced or missing semi-colon can take down a site. I say, when there is a reasonable alternative that can prevent you from writing code, even if you know how, then you've made your site stronger and more maintainable.<br>
<br>Shai<br><br><div class="gmail_quote">On Fri, Oct 9, 2009 at 7:08 AM, Emma Badger <span dir="ltr"><<a href="mailto:emma.badger@chocolateteapot.net">emma.badger@chocolateteapot.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Thanks to both of you that answered. I think option 1 is exactly what<br>
I want.<br>
<br>
I didn't quite understand this Shai.<br>
<div class="im">But if you take that approach you won't be able to give<br>
access to that node to non-dev site admins without making your site<br>
vulnerable.<br>
<br>
</div>Anonymous users can see the content of the other node. Or do you mean<br>
that anonymous users shouldn't be allowed to input php - if so, yes<br>
that's how I have it set up, and it's just me that will need this<br>
functionality.<br>
<br>
Thanks again.<br>
<font color="#888888"><br>
Emma<br>
</font><div><div></div><div class="h5"><br>
On 9 Oct 2009, at 12:22, luca capra wrote:<br>
<br>
> in node1 body, with php filter<br>
> <?php<br>
> $node2 = node_load(156);<br>
> echo $node2->body;<br>
> ?><br>
><br>
> or in template.php<br>
><br>
> YOURTHEME_preprocess_node(&$vars, $hook){<br>
> $nid = 1; // the nid of node container<br>
> if(arg(0)==node && arg(1)==$nid){<br>
> $node2 = node_load(156);<br>
> $vars['content'] .= $node2->body;<br>
> }<br>
> }<br>
><br>
> (then clear the cache in admin/settings/performance)<br>
><br>
> both should works.<br>
><br>
><br>
> Emma Badger ha scritto:<br>
>> I would like to include the content of the body field of node 156 in<br>
>> the body of another node using php. Is this easy to do?<br>
>><br>
>> Any help would be appreciated.<br>
>><br>
>> Regards<br>
>><br>
>> Emma<br>
>><br>
>><br>
> --<br>
> [ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
<br>
--<br>
[ Drupal support list | <a href="http://lists.drupal.org/" target="_blank">http://lists.drupal.org/</a> ]<br>
</div></div></blockquote></div><br>
-- <br>[ Drupal support list | <a href="http://lists.drupal.org/">http://lists.drupal.org/</a> ]</blockquote></div><br></div></body></html>