Alberto464

Add PHP code on TPL files

{php}
include "livesupport.php"; 
{/php}

... and remember to enable {php} tags in setup -> general settings -> security


how soon is soon? my guess would be that they'll leave the feature in until v7 is released.

I can't see any reason to remove it before then - if it's a security risk, they shouldn't have added the option in the first place; if it's not, there's no need to remove it. :idea:

if it's a security risk, they shouldn't have added the option in the first place

And yet, this is the text with the setting:

"Tick to allow use of the Smarty {php} tag in templates. This is considered a security risk."

if it's a security risk, they shouldn't have added the option in the first place

It wasn't "added", it was continued from previous generations of WHMCS, which used older versions of smarty (v2). In v3, this is highly frowned upon, and rightly so.

Instead of just removing the php capability entirely (which would inevitably upset quite a few people), they added the feature, leaving it disabled by default, and threw out a huge warning. This was the correct way to handle it.

Just like the mysql_xx functionality, they removed docs on how to use it, pointing to capsule and here you go.

I expect we'll probably see both of these removed in version 7. Of course, that's just speculation, but it's probably a fair bet.

It wasn't "added", it was continued from previous generations of WHMCS, which used older versions of smarty (v2). In v3, this is highly frowned upon, and rightly so.

Instead of just removing the php capability entirely (which would inevitably upset quite a few people), they added the feature, leaving it disabled by default, and threw out a huge warning. This was the correct way to handle it.

err.. hold on... it wasn't "added".... but they "added the feature". :roll:

it was deprecated from Smarty v3, WHMCS felt it was still needed in the short-term and so added it back - it wasn't in previous versions of WHMCS, it was in previous versions of Smarty.

i'm not saying it was a bad thing they added it, and i've never really considered it a security risk anyway (plenty of them with WHMCS) - unless you were extremely careless.


The PHP tag is useful but certainly best to avoid it if possible. I use it personally on my own websites but won't use it in development for customer's/WHMCS related products.

The PHP tag is useful but certainly best to avoid it if possible.

that's certainly how I see it too... I think i've referred to it previously here as a "break glass in emergency" tool - best avoided, but if you have to use it, do so carefully.
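
An audit for the tag this thread discusses, as an added example that is not part of the original posts or of WHMCS itself: it lists every {php} block, and the related Smarty {include_php} tag, found in .tpl files so each one can be reviewed before the setting is switched off. The function names and the sample template are constructed for illustration.

```python
import re
from pathlib import Path

# Regions Smarty does not execute: {* comments *} and {literal}...{/literal}.
INERT = re.compile(r"\{\*.*?\*\}|\{literal\}.*?\{/literal\}", re.S)
# {php}...{/php} blocks, plus the related {include_php ...} tag.
PHP_BLOCK = re.compile(r"\{php\}(.*?)\{/php\}", re.S)
INCLUDE_PHP = re.compile(r"\{include_php\b[^}]*\}")

def _blank(match):
    """Replace an inert region with spaces, keeping newlines so line numbers hold."""
    return re.sub(r"[^\n]", " ", match.group(0))

def find_php_tags(template_text):
    """Return sorted (line_number, kind, snippet) tuples for executable PHP tags."""
    text = INERT.sub(_blank, template_text)
    hits = []
    for m in PHP_BLOCK.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        hits.append((line, "php", " ".join(m.group(1).split())))
    for m in INCLUDE_PHP.finditer(text):
        line = text.count("\n", 0, m.start()) + 1
        hits.append((line, "include_php", m.group(0)))
    return sorted(hits)

def scan_tree(root):
    """Scan every .tpl file under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.tpl")):
        hits = find_php_tags(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample template; only the last block would actually execute.
SAMPLE = """<div id="header">{$companyname}</div>
{* {php} echo "old"; {/php} *}
{literal}<script>var s = "{php}";</script>{/literal}
{php}
include "livesupport.php";
{/php}
"""

if __name__ == "__main__":
    for line, kind, snippet in find_php_tags(SAMPLE):
        print(f"line {line}: {{{kind}}} {snippet}")
```

Point scan_tree at the templates directory of a copy of the installation; an empty result means no template depends on the setting.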
