Calling PHP code in droplet and security?

NorHei · May 19, 2011, 10:26:04 PM

As Droplets is a Modul you can still install a version whithout that problem .

pcwacht · May 19, 2011, 09:55:51 PM

ps, that security issue you referring to is:
in wb3 changes are commands like eval and include will be forbidden in droplets and code

In wb2.8 (current stable) it is still allowed as are all php commands.
Droplets don't echo output direct, they return output instead.

There are some debates about wanting this 'feature'

John

NorHei · May 19, 2011, 08:16:41 PM

If the include is specially build for use in a droplet this is posible, otherwise you have to use this:

Code Select


ob_start();
include("includes/file.php");
$output=ob_get_contents();
ob_end_clean();
return $output ;

A droplet expects you to return a value just like a function does.

pcwacht · May 19, 2011, 07:21:06 PM

sorry missed this post, ah well, better late then never

To only include a file as a droplet seems a bit weird, maybe better
to open the file, copy the contents to a droplet, remove the <?php ?> php tags
check for echo's since a dorplet can't echo

Maybe better to copy the content into a code section?

If yo uneed to include a file make sure paths are correct!
Sometimes a matter of trial and error.

John

MarkPrima · May 13, 2011, 09:43:10 PM

Hi everyone,

I have read about security using the include call in a droplet.
But I was wondering if this can be a droplet " <?php include("includes/file.php"); ?>

Ultimately, I would like to use this to include a contact form.

Thanks

News:

Calling PHP code in droplet and security?

NorHei

pcwacht

NorHei

pcwacht

MarkPrima