1 rlyeh Dec 28, 2007 16:20
3 edb Dec 28, 2007 16:42
Not to diss your suggestion because a "Free PHP" widget would be cool, but the name "Free HTML" pretty much says "HTML" eh?
Yeah a way to do a custom bit of PHP without having to hack stuff open would be nice. Dunno if it's on anyone's plans though. Perhaps it will be if it's not?
4 edb Dec 28, 2007 16:44
Aha! BaileyWTNH's post jumped over here. That's good because both are clearly related.
BaileyWTNH I think you hit on the best solution imaginable: a "Free PHP" plugin that allows an admin to inject php code to a skin via a widget.
5 yabba Dec 28, 2007 16:53
You would REALLY need to think about security before you had a widget that allows php.
The last person who did something like this was kind enough to allow me to demonstrate how it could be used to lock them out of admin, upgrade my user to an admin and basically own his blog ;)
¥
6 baileyjs Dec 28, 2007 16:58
Thanks to whomever moved it. Funny how two people run into the same issue and post within mnutes of each other.
For those of you familiar with Joomla, there is an extention similar to what I would like to have for b2. It's "Joomla PHP module - mod_php" at http://fijiwebdesign.com/2007/content/view/94/26/
Mod_PHP is a Joomla module that allows you to embed PHP, HTML, JavaScript and CSS in a Joomla module position. It is based on mod_html which allows embedding HTML, JavaScript and CSS in a module position, but with the added benefit of allowing PHP code.
7 afwas Dec 28, 2007 17:20
If you really need it, the <iframe> trick within a free HTML widget works.
8 edb Dec 28, 2007 18:02
The security aspect is why, if *I* did it, only THE ADMIN would be allowed to include PHP via a widget.
But dig this: if THE ADMIN (meaning ID#1) could add php via a widget then we gain total ownership of *where* the include showed up. Instead of having to hack the sidebar and put an include either under or over the container.
Way beyond me though, and I accept that if those who can do it say it's too big a risk then it's too big a risk.
9 rlyeh Dec 28, 2007 18:19
¥åßßå wrote:
You would REALLY need to think about security before you had a widget that allows php.
The last person who did something like this was kind enough to allow me to demonstrate how it could be used to lock them out of admin, upgrade my user to an admin and basically own his blog ;)
¥
But that would require you having a user, yes? But anyway, I guess you're right about them php widgets -- I don't know the first thing about neither php or php security issues.
However running simple php code in the sidebar now is too complicated, methinks. I haven't got the foggiest about where to put code in the _sidebar_right.inc.php (but hopefully BaileyWTNH could show how?)
Afwas wrote:
If you really need it, the <iframe> trick within a free HTML widget works.
Indeed I hoped so, but I'm having problems opening links from within the iframe, for some reason. The "Babbel (Free HTML)" widget looks just like this:
<iframe name="babbel" src="http://chj.dyndns.org/dagbok/sitater.php" height="250" width="166" frameborder="0" target="_blank"></iframe>
...but still it tries to open the link in the small iframe window.
(to try for yourself, it's the third widget from the top, right hand side: http://chj.no:8080/)
Also, there is the design issue with the fixed frame for iframe, which has to be scaled for the largest possible output of text from the php script (or else if the output is larger than the frame, it gives scrollbars, and that's just plain ugly :lol:)
I havent't seen the Joomla extention BaileyWTNH refers to, but it sounds like just the thing I'd wish for. Let's just hope Santa hasn't already left, eh? :)
10 afwas Dec 28, 2007 18:31
Hi rlyeh,
If you had the possibility of a "free PHP widget" in stead of a "free HTML widget", you would have the same problem with the link not pointing to a new window.
11 rlyeh Dec 28, 2007 19:12
Afwas wrote:
Hi rlyeh,
If you had the possibility of a "free PHP widget" in stead of a "free HTML widget", you would have the same problem with the link not pointing to a new window.
Hi again, thanks for using your time on this.
Perhaps I din't explain well enough: the (major) iframe problem is that the link is opened within the iframe, not in the main window.
I can't see why a "Free PHP" widget should give the same limitations as an iframe? I have other Free HTML widgets ("Anbefalt Lesbart"), without iframe, where the link is opened in the current window.
Thanks again for helping!
12 afwas Dec 28, 2007 19:46
If I am correct the php file is hosted by you and not from some external site. If that is the case you can easily edit it and put the target="_blank" within the link it generates. That solves your problem.
I think you basically right in claiming that I was wrong.
Good luck
*edit*
If your host allows you to edit your .htaccess file you can parse PHP in HTML files. Search Google for that. [url=http://www.desilva.biz/php/phpinhtml.html]This[/url] is a sample page from a successful search. The result is an HTML file you can use in the free HTML widget.
13 rlyeh Dec 28, 2007 21:23
Indeed you are right, i used the «target="_blank"» in the iframe syntax within the widget: when I instead moved it to the php file, it worked.
On the other hand I'm sorry to say I didn't get the .htaccess advice to work, I did manage to copy the test file, and the test file did execute the php code perfectly, however the "Free HTML" widget did not.
So, yes: besides the design problem I mentioned, the problem is bypassed, thank you people!
However, I still think it would be a good idea to develop a "Free PHP" widget, as probably more experienced computer users than me will certainly try to find hacks to avoid using iframes, but of course I do agree with EdB 100% when he writes:
Way beyond me though, and I accept that if those who can do it say it's too big a risk then it's too big a risk.
My b2evolution Version: 2.x
I have a heavily hacked site that I am converting from 1.10.2 to 2.x using a reformatted evocamp skin.
My current page has six or seven items that are called up via php include(). When I saw the FreeHTML widget I thought this would be the perfect way to drop in the code and be able to move those blocks around from one position to another.
Much to my disappointment the php code did not execute.
While I could simply create skin_include( '_myinclude.inc.php' ) in _sidebar_right.inc.php or _sidebar_left.inc.php, it would be nice to have an easy way to add, remove or reposition the code blocks via admin.
Do I need to go through the steps of creating a plugin to accomplish this (not my first choice), or is there a better suggestion I could try?
Thanks for any and all ideas.