On Sunday 29 January 2006 17:14, Karoly Negyesi wrote:
Ber's patch is a true Drupal solution (mine is not). It factors out the PHP filter to another module and let's you decide whether you want a more secure site with this module off (even removed!) or you want to continue where you are currently.
Notwithstanding my earlier comments, I'm pretty much okay with this plan. Ber made a good point about the multi-site installation. I run a number of Drupal sites, but they are all on different hosts so I don't instinctively think in terms of multi-site installation. Installing one extra module is not that big a deal, if it brings a big benefit to other installation types. The one thing that I do feel strongly is that it *should* be possible -- if one wishes -- to do pages with embedded code, without having to write a module. I have several sites where I am the only administrator and need to do simple queries into other non-Drupal applications. I'd hate to have to maintain a module just to support a dozen lines of actual code, where that code isn't dependent on Drupal functionality. So I'll concede Ber's point as long as the separate module's installation puts me back where I am today. I find it interesting to see how many _qualitatively_ different ways there are to use Drupal -- that speaks well of Drupal's versatility. Scott -- ------------------------------------------------------------------------------- Scott Courtney Drupal user name: "syscrusher" http://drupal.org/user/9184 scott at 4th dot com Drupal projects: http://drupal.org/project/user/9184 Sandbox: http://cvs.drupal.org/viewcvs/drupal/contributions/sandbox/syscrusher