Jump to content

Add PHP code on TPL files

Alberto464

By Alberto464
in Using WHMCS

 Share

Recommended Posts

brian! Senior Member

brian!

Posted
Posted

how soon is soon? my guess would be that they'll leave the feature in until v7 is released.

 

I can't see any reason to remove it before then - if it's a security risk, they shouldn't have added the option in the first place; if it's not, there's no need to remove it. :idea:

0
Link to comment
Share on other sites
twhiting9275 Senior Member

twhiting9275

Posted
Posted
f it's a security risk, they shouldn't have added the option in the first place

 

It wasn't "added", it was continued from previous generations of WHMCS, which used older versions of smarty (v2). In v3, this is highly frowned upon, and rightly so.

 

Instead of just removing the php capability entirely (which would inevitably upset quite a few people), they added the feature, leaving it disabled by default, and threw out a huge warning. This was the correct way to handle it.

 

Just like the mysql_xx functionality, they removed docs on how to use it, pointing to capsule and here you go.

 

I expect we'll probably see both of these removed in version 7. Of course, that's just speculation, but it's probably a fair bet.

0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
It wasn't "added", it was continued from previous generations of WHMCS, which used older versions of smarty (v2). In v3, this is highly frowned upon, and rightly so.

 

Instead of just removing the php capability entirely (which would inevitably upset quite a few people), they added the feature, leaving it disabled by default, and threw out a huge warning. This was the correct way to handle it.

err.. hold on... it wasn't "added".... but they "added the feature". :roll:

 

it was deprecated from Smarty v3, WHMCS felt it was still needed in the short-term and so added it back - it wasn't in previous versions of WHMCS, it was in previous versions of Smarty.

 

i'm not saying it was a bad thing they added it, and i've never really considered it a security risk anyway (plenty of them with WHMCS) - unless you were extremely careless.

0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted
The PHP tag is useful but certainly best to avoid it if possible.

that's certainly how I see it too... I think i've referred to it previously here as a "break glass in emergency" tool - best avoided, but if you have to use it, do so carefully.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept