[development] Re: Remove PHP filter by default

Raven Brooks raven.brooks at buyblue.org
Sun Jan 29 20:32:46 UTC 2006

Why is the existing option to disable this or limit it to certain  
roles not sufficient?  One simply has to go to admin/filters and  
click disable if they don't want it.  Perhaps the documentation or  
install instructions need to be enhanced to have a chapter about  
security (i.e. if you want to secure your site here are all the  
things you can do and their impact).

As others have said, just because you are writing PHP doesn't mean  
you are coding functionality, you may just be trying to generate  
dynamic content on your site in a block or something.  That is  
something drupal should allow and you should need to write a module  
to do that.

Drupal is not exclusively used by people that can get in there and  
upload files to their FTP server.  If that was to be offered as   
"more secure" way of doing things that is fine, but it should be an  
administrator choice it shouldn't be required.

More information about the development mailing list