php code is visible

  • Resolved netrover

    (@netrover)


    15 years, 6 months ago

    I need to add a page with php code on it. I switch to HTML mode and paste the php code, but WP strips the php tags, and I can see the code text on preview. How do I fix?

Viewing 7 replies - 1 through 7 (of 7 total)

  • Guessing you are doing it out of the box. You need to use the php exec plugin. You can find it:
    https://www.ads-software.com/extend/plugins/exec-php/

    If you have other people posting be very very very careful who you allow to use it. Allowing php code is very dangerous.

    Pages and posts don’t support PHP code.

    Try installing Exec-PHP: https://www.ads-software.com/extend/plugins/exec-php/ this is a plugin which will allow you to do this.

    Thread Starter netrover

    (@netrover)

    Hi,

    thanks for the plug-in reference. I installed it and activated it, but the problem persists– php tags disappear when I switch to view; i haven’t published it yet.

    I’m a bit surprised that a plug-in is needed in order to run php on a WP page. How do affiliate marketers track their page hits and keywords?

    Thread Starter netrover

    (@netrover)

    I just published the page anyways, and I do not see the code anymore. I think it’s working; even thought preview mode shows the code.

    You can always edit the templates directly – they are all in PHP.

    If you want to show code on the page, as in display it for others to copy and paste (or just view) etc…

    Code snippets, that kinda thing… try this..
    https://www.ads-software.com/extend/plugins/syntaxhighlighter-plus/

    I believe with the plugin you must disable the Visual editor. Don’t just Not use the visual editor as it still can strip the code. You need to edit with the html editor. Should be documeneted somewhere. You can turn it back on when doing posts that don’t have php.

    Allowing PHP code natively in a CMS would be extremely dangerous. Especially since most allow other Users to create posts & Pages. Consider this if you allow User permissions within execphp.
    The issue is someone could post code to do nearly anything including deletes with your database. Could even be made to transfer or change any file (non-WP) sitting on your hosting account. The PHP code would run from the server with full permissions.
    Had a client (not on WP) last year who had a site with a cron job running daily sending all files & databases which all originated from some php code that was allowed in a certain web app. In addition someone else setup their own website within his site. Be Very, very, careful….

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘php code is visible’ is closed to new replies.