Op zondag 29 januari 2006 15:22, schreef Morbus Iff:
Ugh, holy crap, please no. Let me shoot myself in the foot, but don't force me to fucking load an FTP client. I thought this was a content management system - if I'm forced to a) write my content in a text editor, b) upload it through an FTP program, c) THEN manage it in the CMS, Drupal just isn't useful to me anymore.
Content is not PHP. Code is not content. Content is text; PHP is logic. Hell, we could probably store the whole of Drupal in the database, and add a few small files to eval it. Why is that not the case? Because we want to maintain a separation between logic and code. Besides these philosophical reasons, php input is just a real big security hole. It is not about shooting in your own foot. But about people like bryght etc handing out guns to let people shoot bryght in the foot. Just for fun: try securing your site, by imagining an administrator that you do not trust. Its near impossible! that adminstrator can hardly administer anything, because you have to close so many backdoors, all related to PHP input that there is hardly anything left adminstrating. Bèr