Hi, I'm doing some stupid mistake here but I can not help myself: I created very simple block, using full-html format, with this block body :
<?php include("ts3/ts3v.php"); ?>
But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong?
Yet when I open my.site.tld/ts3/ts3v.php directly in browser it is correctly displayed with output as expected. So where is the problem?
BTW, one more question: how could I get the above described block refreshed every 15 seconds?
Jarry
have you enabled the php input filter?
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
On Tue, Jan 18, 2011 at 7:42 PM, Jarry mr.jarry@gmail.com wrote:
Hi, I'm doing some stupid mistake here but I can not help myself: I created very simple block, using full-html format, with this block body :
<?php include("ts3/ts3v.php"); ?>
But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong?
Yet when I open my.site.tld/ts3/ts3v.php directly in browser it is correctly displayed with output as expected. So where is the problem?
BTW, one more question: how could I get the above described block refreshed every 15 seconds?
Jarry
-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]
On 18. 1. 2011 20:55, Steve Power wrote:
have you enabled the php input filter?
No. Did not know I have to do it. But now I enabled, changed format to php, and after activating block I got white screen with some very nasty error message. It really scared me. I could not do anything because web was off-line, so I simply deleted that ts3v.php script and site recovered...
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Jarry
On Tue, Jan 18, 2011 at 7:42 PM, Jarry <mr.jarry@gmail.com ... <?php include("ts3/ts3v.php"); ?>
But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong?
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use: http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl...
Google for how to make your first custom Drupal module
HTH
I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db.
On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones fredthejonester@gmail.comwrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use:
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl...
Google for how to make your first custom Drupal module
HTH
[ Drupal support list | http://lists.drupal.org/ ]
You say block with php-script is bad idea, module is preferred solution. Unfortunatelly writing modules goes far beyond my capabilities (i'm quite new to drupal, and what is even worse, to php too).
But what about creating block with iframe which calls this script within? Would it be better solution, than block with php-code? I could even move that script completely away, to different web-vhost (on the same physical server). In such a case, if that script fails, it should not crash the whole web-page, only that frame, I think...
That php-script works, when I call it directly. It does not need mysql, only its own subdirectory structure, with files. I just want to include it on my web-page, but rewriting it to module would take me at least a few months...
Jarry
On Wed, Jan 19, 2011 at 8:40 AM, Mukesh Agarwal mukesh.agarwal17@gmail.comwrote:
I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db.
On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones fredthejonester@gmail.comwrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use:
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl...
Thought I'd just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files?
Warren Vail
_____
From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Mr. Jarry Sent: Thursday, January 20, 2011 12:23 AM To: support@drupal.org Subject: Re: [support] php-code in block is not executed...
You say block with php-script is bad idea, module is preferred solution. Unfortunatelly writing modules goes far beyond my capabilities (i'm quite new to drupal, and what is even worse, to php too).
But what about creating block with iframe which calls this script within? Would it be better solution, than block with php-code? I could even move that script completely away, to different web-vhost (on the same physical server). In such a case, if that script fails, it should not crash the whole web-page, only that frame, I think...
That php-script works, when I call it directly. It does not need mysql, only its own subdirectory structure, with files. I just want to include it on my web-page, but rewriting it to module would take me at least a few months...
Jarry
On Wed, Jan 19, 2011 at 8:40 AM, Mukesh Agarwal mukesh.agarwal17@gmail.com wrote:
I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db.
On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones fredthejonester@gmail.com wrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use: http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl ock/6
On Thu, Jan 20, 2011 at 9:54 AM, Warren Vail warren@vailtech.net wrote:
Thought I’d just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files?
I would like to think it is secure, but no one can be sure. Even when I try to update it frequently, there still might be not_yet_discovered vulnerabilities.
Users can upload files, but quota for disk space is applied. But even quota could be circumvented sometimes...
Jarry
Jarry, it wont take much time to create a module.. follow this link -- http://www.myblogplanner.com/blog/block-module-drupal-6-x/
you dont really need to understand a lot of php and drupal in writing module..
"The first step is always the hardest" but it becomes a much easier practice..
On Thu, Jan 20, 2011 at 3:33 PM, Mr. Jarry mr.jarry@gmail.com wrote:
On Thu, Jan 20, 2011 at 9:54 AM, Warren Vail warren@vailtech.net wrote:
Thought I’d just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files?
I would like to think it is secure, but no one can be sure. Even when I try to update it frequently, there still might be not_yet_discovered vulnerabilities.
Users can upload files, but quota for disk space is applied. But even quota could be circumvented sometimes...
Jarry
-- [ Drupal support list | http://lists.drupal.org/ ]
Hello Jarry,
On Thu, 2011-01-20 at 09:22 +0100, Mr. Jarry wrote:
That php-script works, when I call it directly.
If you call a php script via the Drupal PHP Filter it is included using eval() from within a function. The result of this is that none of your global variables remain visible as global. This is to avoid name space collisions, i.e. the overwriting of Drupal variables and functions with values coming from your script.
Also, your script should not output any http headers (and preferably no html headers and body tag, so you cannot use template rendering engines like Smarty to display the page. You *can* use a template engine to return the content and echo that, as Drupal uses output buffering (ob_start()) for eval()ed scripts.
I managed to get Retrospect GDS working via the PHP Filter by making all of the global variables it uses explicitly global again. Say you got something like
$myglobalvar = 1;
you have to change this to
$GLOBALS['myglobalvar'] = $myglobalvar = 1;
After that explicit globalization you can use your variables as usual. It looks a bit odd but it doesn't break any code if you call it directly.
Of course you should make sure your variables and functions do not clash with internal Drupal variables and functions. A save way to do this is to prefix your variables with a unique string, f.e. renaming $myglobalvar to $myapp_myglobalvar.
In the case of Retrospect I had only one name space collision with Drupal, being the function t().
Even better of course would be not to rely on any variable being global, but that might require a bit of a rewrite of your code to pass all parameters via function calls.
Regards, Leonard.
Hello Jarry,
On Tue, 2011-01-18 at 21:10 +0100, Jarry wrote:
and after activating block I got white screen with some very nasty error message. It really scared me.
That'll teach you not to develop on live servers ;) . It helps if you read and try to understand the error message. Most likely the code you are loading contains errors which makes it unparsable and thus php bombs out and shows you an empty page. Use $ php -l <file> on a command line to check your php files for syntax errors.
While developing you can put ini_set('display_errors', 1); at the top of your php file. This will show all errors in the browser, so you don't have to keep the http error log open. Make sure to remove this statement when you transfer the file to the live site, because sometimes these errors contain sensitive information that you do not want to share with the rest of the world.
Setting error_reporting(E_ALL); also helps if the code that include your code set it to a lower level.
Regards, Leonard.
-
Fred Jones -
Jarry -
Leonard den Ottolander.nl -
Mr. Jarry
-
Mukesh Agarwal -
Steve Power -
Warren Vail