php-code in block is not executed...
Hi, I'm doing some stupid mistake here but I can not help myself: I created very simple block, using full-html format, with this block body : <?php include("ts3/ts3v.php"); ?> But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong? Yet when I open my.site.tld/ts3/ts3v.php directly in browser it is correctly displayed with output as expected. So where is the problem? BTW, one more question: how could I get the above described block refreshed every 15 seconds? Jarry -- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
have you enabled the php input filter? In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php). On Tue, Jan 18, 2011 at 7:42 PM, Jarry <mr.jarry@gmail.com> wrote:
Hi, I'm doing some stupid mistake here but I can not help myself: I created very simple block, using full-html format, with this block body :
<?php include("ts3/ts3v.php"); ?>
But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong?
Yet when I open my.site.tld/ts3/ts3v.php directly in browser it is correctly displayed with output as expected. So where is the problem?
BTW, one more question: how could I get the above described block refreshed every 15 seconds?
Jarry
-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted. -- [ Drupal support list | http://lists.drupal.org/ ]
-- -- -- Steve Power Principal Consultant Mobile: +44 (0) 7747 027 243 Fax: +44 (0)160 421 2871 Skype: steev_initsix www.initsix.co.uk :: Initsix Heavy Engineering Limited -- This email and any attachments to it may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of Initsix Heavy Engineering Limited. If you are not the intended recipient of this email, you must neither take any action based upon its contents, nor copy or show it to anyone. Please contact the sender if you believe you have received this email in error. Initsix Heavy Engineering Limited Registered in the UK: 5036938 Registered Address: 243 Kettering Road, Northampton, NN2 7DU, England.
On 18. 1. 2011 20:55, Steve Power wrote:
have you enabled the php input filter?
No. Did not know I have to do it. But now I enabled, changed format to php, and after activating block I got white screen with some very nasty error message. It really scared me. I could not do anything because web was off-line, so I simply deleted that ts3v.php script and site recovered...
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal... Jarry
On Tue, Jan 18, 2011 at 7:42 PM, Jarry <mr.jarry@gmail.com ... <?php include("ts3/ts3v.php"); ?>
But when I configure it to be displayed on some page, it does not get executed, instead of that the very same text is shown. What am I doing wrong?
-- _______________________________________________________________ This mailbox accepts e-mails only from selected mailing-lists! Everything else is considered to be spam and therefore deleted.
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use: http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl... Google for how to make your first custom Drupal module HTH
I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db. On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones <fredthejonester@gmail.com>wrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use:
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl...
Google for how to make your first custom Drupal module
HTH -- [ Drupal support list | http://lists.drupal.org/ ]
-- Cheers, Mukesh Agarwal
You say block with php-script is bad idea, module is preferred solution. Unfortunatelly writing modules goes far beyond my capabilities (i'm quite new to drupal, and what is even worse, to php too). But what about creating block with iframe which calls this script within? Would it be better solution, than block with php-code? I could even move that script completely away, to different web-vhost (on the same physical server). In such a case, if that script fails, it should not crash the whole web-page, only that frame, I think... That php-script works, when I call it directly. It does not need mysql, only its own subdirectory structure, with files. I just want to include it on my web-page, but rewriting it to module would take me at least a few months... Jarry On Wed, Jan 19, 2011 at 8:40 AM, Mukesh Agarwal <mukesh.agarwal17@gmail.com>wrote:
I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db.
On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones <fredthejonester@gmail.com>wrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use:
http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl...
Thought I'd just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files? Warren Vail _____ From: support-bounces@drupal.org [mailto:support-bounces@drupal.org] On Behalf Of Mr. Jarry Sent: Thursday, January 20, 2011 12:23 AM To: support@drupal.org Subject: Re: [support] php-code in block is not executed... You say block with php-script is bad idea, module is preferred solution. Unfortunatelly writing modules goes far beyond my capabilities (i'm quite new to drupal, and what is even worse, to php too). But what about creating block with iframe which calls this script within? Would it be better solution, than block with php-code? I could even move that script completely away, to different web-vhost (on the same physical server). In such a case, if that script fails, it should not crash the whole web-page, only that frame, I think... That php-script works, when I call it directly. It does not need mysql, only its own subdirectory structure, with files. I just want to include it on my web-page, but rewriting it to module would take me at least a few months... Jarry On Wed, Jan 19, 2011 at 8:40 AM, Mukesh Agarwal <mukesh.agarwal17@gmail.com> wrote: I second Fred. Making a module is always a good idea. The code gets compiled before whereas in case of block, only while execution does the code get loaded from db and then is compiled and executed. I think the php accelerators like eaccelerator and stuff will not be able to cache the op code from the code which is saved in db. On Wed, Jan 19, 2011 at 4:31 AM, Fred Jones <fredthejonester@gmail.com> wrote:
In general tho mate, this is bad practice. Put it in code somewhere, not in a block. (like page.tpl.php or node.tpl.php).
But where? And how can I have it displayed where I want, like blocks? I'm quite new to drupal...
Make a module and use: http://api.drupal.org/api/drupal/developer--hooks--core.php/function/hook_bl ock/6
On Thu, Jan 20, 2011 at 9:54 AM, Warren Vail <warren@vailtech.net> wrote:
Thought I’d just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files?
I would like to think it is secure, but no one can be sure. Even when I try to update it frequently, there still might be not_yet_discovered vulnerabilities. Users can upload files, but quota for disk space is applied. But even quota could be circumvented sometimes... Jarry
Jarry, it wont take much time to create a module.. follow this link -- http://www.myblogplanner.com/blog/block-module-drupal-6-x/ you dont really need to understand a lot of php and drupal in writing module.. "The first step is always the hardest" but it becomes a much easier practice.. On Thu, Jan 20, 2011 at 3:33 PM, Mr. Jarry <mr.jarry@gmail.com> wrote:
On Thu, Jan 20, 2011 at 9:54 AM, Warren Vail <warren@vailtech.net> wrote:
Thought I’d just ask the unasked question, does your page contain vulnerabilities that can be exploited by hackers, vulnerabilities that could compromise your drupal site? Just for one example, does it allow loading your site disk with hundreds/thousands of space consuming files?
I would like to think it is secure, but no one can be sure. Even when I try to update it frequently, there still might be not_yet_discovered vulnerabilities.
Users can upload files, but quota for disk space is applied. But even quota could be circumvented sometimes...
Jarry
-- [ Drupal support list | http://lists.drupal.org/ ]
-- Cheers, Mukesh Agarwal
Hello Jarry, On Thu, 2011-01-20 at 09:22 +0100, Mr. Jarry wrote:
That php-script works, when I call it directly.
If you call a php script via the Drupal PHP Filter it is included using eval() from within a function. The result of this is that none of your global variables remain visible as global. This is to avoid name space collisions, i.e. the overwriting of Drupal variables and functions with values coming from your script. Also, your script should not output any http headers (and preferably no html headers and body tag, so you cannot use template rendering engines like Smarty to display the page. You *can* use a template engine to return the content and echo that, as Drupal uses output buffering (ob_start()) for eval()ed scripts. I managed to get Retrospect GDS working via the PHP Filter by making all of the global variables it uses explicitly global again. Say you got something like $myglobalvar = 1; you have to change this to $GLOBALS['myglobalvar'] = $myglobalvar = 1; After that explicit globalization you can use your variables as usual. It looks a bit odd but it doesn't break any code if you call it directly. Of course you should make sure your variables and functions do not clash with internal Drupal variables and functions. A save way to do this is to prefix your variables with a unique string, f.e. renaming $myglobalvar to $myapp_myglobalvar. In the case of Retrospect I had only one name space collision with Drupal, being the function t(). Even better of course would be not to rely on any variable being global, but that might require a bit of a rewrite of your code to pass all parameters via function calls. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
Hello Jarry, On Tue, 2011-01-18 at 21:10 +0100, Jarry wrote:
and after activating block I got white screen with some very nasty error message. It really scared me.
That'll teach you not to develop on live servers ;) . It helps if you read and try to understand the error message. Most likely the code you are loading contains errors which makes it unparsable and thus php bombs out and shows you an empty page. Use $ php -l <file> on a command line to check your php files for syntax errors. While developing you can put ini_set('display_errors', 1); at the top of your php file. This will show all errors in the browser, so you don't have to keep the http error log open. Make sure to remove this statement when you transfer the file to the live site, because sometimes these errors contain sensitive information that you do not want to share with the rest of the world. Setting error_reporting(E_ALL); also helps if the code that include your code set it to a lower level. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
participants (7)
-
Fred Jones -
Jarry -
Leonard den Ottolander.nl -
Mr. Jarry
-
Mukesh Agarwal -
Steve Power -
Warren Vail