runPHP Plugin for WordPress
Update: 2.3.1 - Important security fix, should work on PHP4 again. Thanks for all the quick information regarding the break!
runPHP is a WordPress plug-in that enables users to embed PHP code directly into their posts.
runPHP 2.3.1 is now available! It does work with WordPress 2.2.x; it fixes some important SQL-injection vulnerabilities and should work with PHP4. (Let me know ASAP if it doesn’t!)
What’s New
- Using a global DEFINE instead of a class static member variable so it works with PHP4 again.
- Adjusted code to catch possible SQL-injection vulnerabilties (Thanks to Benjamin Flesch of mybeNi websecurity. )
See the full changelog, or browse our SVN repository.
A forum for discussing issues and experiences with this plugin is available at www.nosq.com/forum. (free, captcha-based registration required) It might be easier to get my attention via the contact form though.
Download
- runPHP 2.3.1 - .zip file of latest version - only for WordPress 2.0 or higher
Sorry, but previous (1.5.x) versions of WordPress are no longer supported.
New Features
- Permission to use runPHP is controlled by Roles and Capabilities
- Configure those permissions in the new runPHP Options page
- Also works in your feeds (RSS, RSS2, Atom, & RDF)
- Better integration with WordPress 2.0 administrative UI
- Internationalization support: English (default), German, and French so far
- Refactored code - friendlier function names, encapsulated in a class
- Now works on PHP4 servers as well! (see caveats, below, though)
User Manual
See the runPHP manual page.
Also, runPHP has been given its own page on this blog. In the future, all updates were be published there, though this entry will remain open for comments.
Sample Code
<?php
$curDate = date('D., F jS Y H:i:s');
echo "\n<p>";
echo 'Right now the server thinks it is ' . $curDate;
echo "\n</p>";
?>
Result:
Right now the server thinks it is Sat., May 17th 2008 01:15:38
(only showing the 10 most recent - View All Comments)
sorry call used is
” “
Ok well the php code wont show on you web site so here is a trial version of it
“===<====? include(’randomquote.php’);?===>====”
the same without the====
OK apologogies I have answered my own question .
the call should have been
======
(minus the ==== things)
===<===?php include (TEMPLATEPATH . ‘/randomquote.php’); ?>===
Thank you again for this great plugin. I am happily using runPHP, but I am now facing an unexpected problem.
The problem is that the main feed returned :
PHP Fatal error: Maximum execution time of 30 seconds exceeded in /…/wp-includes/formatting.php on line 685
I had to reduce the number of posts in the syndication feed to 3 to get rid of this error message.
On top of that, when looking at the content of the feed, I see that some parts of my PHP script included in the posts are not correctly executed, while no problem like this appears when viewing the post itself. It seems that my PHP script is not able to open some data file when called by the feed.
Any thoughts ?
I am still using PHP4 and it doesn´t work probably…
What did i wrong??
This is a really sweet plugin, thanks for sharing. For me it basically means that I can write my own quick plugins straight into the page without having to write the usual plugin bumpf.
Thanks
Hola, genial tu articulo, pero me gustaría poder ver los enlaces, no aparencen o hay algún problema, me interesa saber si se tienen que cambiar los permisos solo si se usa el plugin o no?. Gracias
I keep encountering the folowing problem. Anytime I add links in the dashboard, all my posts disappear and in the side bar appaers a message:
I’ve recently had problem with embedding php to my posts. Now I see the solution. Thanks!