This plugin lets you execute dynamic PHP code in posts. It masks PHP code before balanceTags, and unmask them afterwards, so it should be safe to use PHP code that has literal HTML tags in it, for example: code which print out HTML.
WordPress 1.5. Version 1.2 is not supported. You will also need PHP version 4.3.0 or later.
Do NOT use this plugin if you can’t trust people who make posts in your WordPress installation, it is a HUGE security hole. User level is now supported! By default the plugin only operates on level 9 user.
- Download the plugin: phpexec.txt
- Rename the plugin to phpexec.php and put it into your
- Activate the plugin from WordPress administration menu
In posts, enclose any PHP code you want to execute with <phpcode> … </phpcode>.
Only real PHP code allowed, no <?php … ?> blocks allowed. The block will then be replaced by the output of PHP code. In <phpcode> blocks, you will need to start any PHP command with <?php and end it with ?> as usual.
From the WordPress admin menu, you can change minimum user level that is allowed to use the plugin. It is available from Options – PHPExec menu.
<phpcode> <?php echo "Current date and time: "; echo date("l dS of F Y h:i:s A"); ?> </phpcode>
Output of the above code:
Current date and time: Monday 27th 2015f April 2015 05:04:17 PM
This plugin is inspired by RunPHP, another plugin which accomplishes the same thing but did not work for me. Thanks to iang for tricks to make embedded PHP code feels more like a real PHP code. Some code are borrowed from WordPress source code. Thanks to Beau Collins for the user level code.
- First public release
- Non backward compatible change: now you need to enclose PHP code with <?php … ?> as you would do in real PHP script.
- Added filters to handle excerpts.
- Fixed a small error in evaled code, thanks to AJ for spotting this.
- Added user level security feature.
- Try to avoid using common variable names (thanks to David H. Brown)
- Removing debugging comments should fix the problem with automatic tag insertion done by WordPress.