<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv=Content-Type content="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<!--[if !mso]>
<style>
v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style>
<![endif]-->
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Arial Black";
panose-1:2 11 10 4 2 1 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:blue;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:Arial;
color:navy;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=blue>
<div class=Section1>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'>Thought I’d just ask the unasked
question, does your page contain vulnerabilities that can be exploited by
hackers, vulnerabilities that could compromise your drupal site? Just for
one example, does it allow loading your site disk with hundreds/thousands of space
consuming files?<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 color=navy face=Arial><span style='font-size:
10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><em><b><i><font size=2 color=navy face="Arial Black"><span
style='font-size:10.0pt;font-family:"Arial Black";color:navy;font-weight:bold'>Warren
Vail</span></font></i></b></em><font color=navy><span style='color:navy'><o:p></o:p></span></font></p>
</div>
<div>
<div class=MsoNormal align=center style='text-align:center'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>
<hr size=2 width="100%" align=center tabindex=-1>
</span></font></div>
<p class=MsoNormal><b><font size=2 face=Tahoma><span style='font-size:10.0pt;
font-family:Tahoma;font-weight:bold'>From:</span></font></b><font size=2
face=Tahoma><span style='font-size:10.0pt;font-family:Tahoma'> support-bounces@drupal.org
[mailto:support-bounces@drupal.org] <b><span style='font-weight:bold'>On Behalf
Of </span></b>Mr. Jarry<br>
<b><span style='font-weight:bold'>Sent:</span></b> Thursday, January 20, 2011
12:23 AM<br>
<b><span style='font-weight:bold'>To:</span></b> support@drupal.org<br>
<b><span style='font-weight:bold'>Subject:</span></b> Re: [support] php-code in
block is not executed...</span></font><o:p></o:p></p>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>You say block with
php-script is bad idea, module is preferred solution.<br>
Unfortunatelly writing modules goes far beyond my capabilities (i'm quite<br>
new to drupal, and what is even worse, to php too). <br>
<br>
But what about creating block with iframe which calls this script within?<br>
Would it be better solution, than block with php-code? I could even move<br>
that script completely away, to different web-vhost (on the same physical<br>
server). In such a case, if that script fails, it should not crash the whole<br>
web-page, only that frame, I think...<br>
<br>
That php-script works, when I call it directly. It does not need mysql,<br>
only its own subdirectory structure, with files. I just want to include it<br>
on my web-page, but rewriting it to module would take me at least<br>
a few months...<br>
<br>
Jarry<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Wed, Jan 19, 2011 at 8:40 AM, Mukesh Agarwal <<a
href="mailto:mukesh.agarwal17@gmail.com">mukesh.agarwal17@gmail.com</a>>
wrote:<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>I second Fred. Making a module is always a good idea. The code gets
compiled before whereas in case of block, only while execution does the code
get loaded from db and then is compiled and executed. I think the php
accelerators like eaccelerator and stuff will not be able to cache the op code
from the code which is saved in db. <o:p></o:p></span></font></p>
<div>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
<div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'>On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones <<a
href="mailto:fredthejonester@gmail.com" target="_blank">fredthejonester@gmail.com</a>>
wrote:<o:p></o:p></span></font></p>
<div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>>> In general tho
mate, this is bad practice. Put it in code somewhere,<br>
>> not in a block. (like page.tpl.php or node.tpl.php).<br>
><br>
> But where? And how can I have it displayed where I want,<br>
> like blocks? I'm quite new to drupal...<o:p></o:p></span></font></p>
</div>
<p class=MsoNormal style='margin-bottom:12.0pt'><font size=3
face="Times New Roman"><span style='font-size:12.0pt'>Make a module and use:<br>
<a
href="http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_block/6"
target="_blank">http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_block/6</a><o:p></o:p></span></font></p>
</div>
</div>
</div>
</div>
<p class=MsoNormal><font size=3 face="Times New Roman"><span style='font-size:
12.0pt'><o:p> </o:p></span></font></p>
</div>
</body>
</html>