WordPress PHP Exec Plugin

This plugin lets you execute dynamic PHP code in posts. It masks PHP code before balanceTags, and unmask them afterwards, so it should be safe to use PHP code that has literal HTML tags in it, for example: code which print out HTML.

**Requirement**

WordPress 1.5. Version 1.2 is not supported. You will also need PHP version 4.3.0 or later.

Do **NOT** use this plugin if you can’t trust people who make posts in your WordPress installation, it is a **HUGE** security hole. User level is now supported! By default the plugin only operates on level 9 user.

**Installation**

1. Download the plugin: [phpexec.txt](https://priyadi.net/wp-content/plugins/phpexec.txt)
2. Rename the plugin to phpexec.php and put it into your `wp-content/plugins` directory
3. Activate the plugin from WordPress administration menu

**Usage**

In posts, enclose any PHP code you want to execute with <phpcode> … </phpcode>. Only real PHP code allowed, no <?php … ?> blocks allowed. The block will then be replaced by the output of PHP code. In <phpcode> blocks, you will need to start any PHP command with <?php and end it with ?> as usual.

From the WordPress admin menu, you can change minimum user level that is allowed to use the plugin. It is available from Options – PHPExec menu.

**Example**





**Demonstration**

Output of the above code:

**Credits**

This plugin is inspired by [RunPHP](http://mark.scottishclimbs.com/archives/2004/07/02/running-php-in-wordpress-posts/), another plugin which accomplishes the same thing but did not work for me. Thanks to [iang](http://fajran.net/) for tricks to make embedded PHP code feels more like a real PHP code. Some code are borrowed from WordPress source code. Thanks to [Beau Collins](http://beaucollins.com/) for the user level code.

**Changelog**

1.0:

* First public release

1.1:

* **Non backward compatible change**: now you need to enclose PHP code with <?php … ?> as you would do in real PHP script.

1.2:

* Added filters to handle excerpts.

1.3:

* Fixed a small error in evaled code, thanks to [AJ](http://s89631316.onlinehome.us/) for spotting this.

1.4:

* Added user level security feature.

1.6:

* Try to avoid using common variable names (thanks to David H. Brown)

1.7:

* Removing debugging comments should fix the problem with automatic tag insertion done by WordPress.

420 comments

  1. Kalo mau bisa ada <?php … ?> di dalam <phpcode> itu, data yang bakal di exec() musti ditambahin “<?” dulu di depannya..

    tinggal ngubah
    eval($php);
    menjadi
    eval(“<?”.$php);
    aja..

  2. eh iya, kebalik ya?

    tapi kok itu &gt?php hehee..

    sebenernya gak usah dibuka lagi juga gak apa2.. cukup tutup dulu di depannya aja.

  3. Pingback: Blogging Pro
  4. There is a bug in the code. I write this for the english users of the plugin, so they may correct this.

    Line 55:
    eval("?>". $php . "<php ");

    Should be:
    eval("?>". $php . "<?php ");

    Otherwise the server may not properly parse the content.

  5. Hi, thanks very much for developing this plugin. I’m trying to get it to work in my archives here. As you can see there is an error: “Call to undefined function: ob_get_clean()”. Is there anything I could have done wrong? The code I used in the post was (with all of the brackets “”): [phpcode?][php _e('Categories'); ?][/h2]
    [ul][?php list_cats(0, '', 'name', 'asc', '', 1, 0, 1, 1, 1, 1, 0,'','','','','') ?][/phpcode]
    I followed the instructions and did not change the plugin. Thanks in advance for your help!

  6. #21: Hi, from PHP homepage it looks like the function is only supported by PHP 4.3.0 or later version and you are currently using PHHP 4.1.2. You might want to upgrade your PHP to the latest version.

  7. Ok okay. Thanks ver much for finding that out for me. I’ll keep harassing my host about it (they want to charge a lot of money and I’m afraid to do it on my own).

  8. This plugin is a great idea.

    Suggestion for version 2: Make it so that only users above a certain user level can post php code. Perhaps it could check the user level of the author of the post or page, and if above a certain level (defined by the admin) it parses the php code. If the author is below the defined user level, then it does not parse the code and instead displays it as regular text. This would address the security concerns and allow people to use your plugin even if they don’t want to allow all users to post php code.

  9. To solve the security issue could you build in a hook that make it so when a user without the correct user_level (admin, or configurible through an options page) posts, if they attempt to add:


    <phpcode>
    </phpcode>

    it will just be stripped from the post.

    That way you can control who can run php code through posts.

  10. Pingback: Korangar - Test
  11. This plug in works great, save for one problem I’m having (admittedly not a problem with the plugin itself).

    I’m trying to embed a download link within a post, whereby the link is based on the post’s title. The code works fine in the template loop, but doesn’t retrieve the post_name from within the post itself. Here’s the code:

    post_name;?>.zip”>Download “”

    Any help would be appreciated.

  12. Grrr.. one more time :(

    (a href="http://www.website.com/downloads/(?php echo $post->post_name;?).zip")Download "(?php the_title(); ?)"(/a)

  13. I did ?php echo global $post->post_name;?
    and got this error:

    “Parse error: parse error, unexpected T_GLOBAL in /wp-content/plugins/phpexec.php(61) : eval()’d code on line 1”

  14. #56: yes, that alone should return nothing. the point is, if you want to use variable inside phpexec, you need to ‘global’ it before using it. in your case, you want to use the variable $post->post_name from outside phpexec. but by default it is not available within phpexec block, you will need to ‘global’ it first before you can use it.

  15. That all sounds more complicated, I’m not very well versed in php, I didn’t think pulling the post_name should be so hard! Thanks anyway.

  16. sweet plugin. i found it was more natural to use <exec> so i changed to that rather than <phpcode>. it would be nice if it work indifferently with <phpcode>, <phpexec>, and <exec>.

  17. Pingback: Testblog
  18. PHPExec stopped working for me a while back and I can’t even get it to do the sample code above. It stopped working prior to the WP upgrade.

    I use the Gila theme and many other plugins.

    Any idea as to why it is not working anymore? I just reinstalled it from the download link above and still no go.

  19. #79: could you try disabling all other plugins and see if phpexec is functioning correctly?

    #80: just post your question here.

  20. #82: well of course it conflicts with phpexec. phpexec relies on wordpress behavior that every post is parsed on each run. wp-preformatted changes this behavior so that posts are only parsed once (when posting or editing) and displayed from cache when visited.

    unfortunately this is very complicated. fixing this will require major overhaul of wordpress plugin API or at least integration of phpexec code into wp-preformatted or vice versa.

  21. Well, you just exceeded my brain capacity. Since I rely more on PHP Exec, I’ll leave the other off. Thanks for your help.

  22. Nice job, nice plugin!
    Will the plugin be update for WordPress 1.5. 1.2 soon?
    Thank you very much!

  23. How long will it be before this plugin works with 1.5.1.2? I really want to use it!! Are you planning on releasing a version that supports 1.5.1.2?

  24. Jonathan and Sproke, it looks as though he was writing that WP 1.5 is supported, but 1.2 is not. There’s a space in between both numbers.

  25. Hi,

    Thanks for the great plugin.

    But you said 1.5.1.2 is not supported, how come it works on my 1.5.1.2 blog?
    Check http://ying.homedns.org/wp/links/
    It calls function get_links_list() in the post. Ignore those characters you don’t know, they are just another language(traditional Chinese).

  26. What exactly is keeping this plugin from working in 1.5.1.2? It was working earlier today in 1.5.1.2, but then suddenly and randomly broke on me.

    I thought 1.5.1.1 -> 1.5.1.2 was a one line update?

  27. An example of broken functionality in WP 1.5.1.2

    <phpcode>
    1: <?php echo “text text text”; ?>

    2: <p>text text text</p>

    3: text text text
    </phpcode>

    lines 1 & 3 will work fine, but 2 comes out as some sort of hash. Oddly enough, removing all line breaks causes it to display the expected lines. That makes it look like there’s a WP filter somewhere that isn’t getting overridden.

  28. to clarify all. the plugin works in 1.5 series of wordpress, including 1.5.1, 1.5.1.1 and 1.5.1.2. in fact this blog is using 1.5.1.2.

    #96: no, the plugins don’t override other plugins. the only trickery it has is masking phpcode block so that other plugins won’t do anything funny with php code.

  29. I noticed that this code produces an error

    &ltphpcode>
    &lt?php
    $i = "hello world";
    echo "$i\n" ;
    ?>
    &lt/phpcode>

    Looks like the reason is that my $i is conflicting with the variable of the same name in phpexec. I was able to fix this by renaming all the variable names in phpexec.php. For example, replace $i with $phpexec_i. Just do a search for $ and replace with $phpexec_ for all variables except $_POST.

    -David

  30. I’m in the process of migrating a Movable Type weblog to WordPress. I’ve been using Advanced Poll for years, which embeds PHP in entries. Found PHP Exec for WP and got it working, but the polls are only half-working. Example:

    Old | New

    (the new URL will change when migration is complete). You can see that the PHP is executed, but many form elements and strings are missing.

    <phpcode>
    <?php

    /* paths and includes */
    $poll_path = “/path/to/poll”;
    include_once $poll_path.”/include/config.inc.php”;
    include_once $poll_path.”/include/class_poll.php”;

    /* initialize */
    $php_poll = new poll();

    /* set the template name and the poll ID */
    $php_poll->set_template_set(“plain”);
    echo $php_poll->poll_process(18);
    ?>
    </phpcode>

    Any idea how I can get this working? Using WP 1.5.1.2

    Thanks,
    Scot

  31. Why not allow to set to min user level 10? I only want me, (the admin, user level 10) to be able to use.

  32. Plus I cant get it to work at all. I check soure of post with the php and its just complely gone. :(

  33. #104: From the WordPress admin menu, you can change minimum user level that is allowed to use the plugin. It is available from Options – PHPExec menu.

    #105: could you post more information please?

  34. Hey,

    Yeah I know it is but you can not set to 10. It only allows a single digit so 9 is the higest you can set it to.

    Well I installed the plugin and enabled it and posted the example in this post but its just a blank posting. When I view the source of the page its just a blank post as if I just posted an empty comment.

    Also I noticed that is not listed via allowed_tags(); :(

    Thanks,
    Will

  35. #107: of course it won’t work. the plugin doesn’t work in comments, only in posts or pages. if I allowed it to work in comments, it will open up all sorts of security problem.

  36. @ 108

    Well sorry I did not know that. Maybe it should say that at the top of this page and read me. ;)

    Seeing atm it says:

    Do NOT use this plugin if you can’t trust people who make posts in your WordPress installation, it is a HUGE security hole.

    Which is not crossed out so that lead me to blieve it should work in posts, that is comments. Guess not.

    Thanks for your help though.

    Working great. :)

  37. Hi Priyadi, is there a reason why a paragraph tag appears right before the “end php” comment on this page? I surely didn’t place that tag in the page, so now it’s causing that page to not validate. :(

    Thank you!

  38. #120: i really have no idea, maybe it is added by another plugin? try disabling your other plugins one by one to see which one is doing that.

  39. Hmm, sorry but I couldn’t find any other plugins that caused that. :(( I noticed that my Archives page also has a break tag right after the begin comment. :-?

    This is so weird!

  40. Pingback: WB's WP Templates
  41. Cool plugin! I first tried RunPHP, but somehow it didn’t work for me :(
    Yours whereas works perfectly fine. :)

  42. I didn’t understand why your plugin didn’t work everytime for all post.
    Please, look at my site.

    Do I need to post only as an administrator for the plugin to work?

    Thanks

  43. #129: go to Options, then PHP Exec to adjust minimum user level required to use this plugin. you will need to lower the default to allow your regular user (non administrator) to use phpexec.

  44. Cool plugin – it is exactly what I want, now I can feed up my wordpress with additional data from MySQL :)>- The effects will be here: voip.pomocnik.com currently in Polish only, but in a few months should be in English too \:d/

  45. If anyone has any idea how to make this work inside an href i’d love to hear it. :)

    For example i’m trying to do:
    [a href=”http://www.google.com/[phpcode][?php echo “123456 “; ?][/phpcode]”]Link Here” respectively)

    But it just doesn’t want to work with this plugin or any other for that matter.
    Thanks.

  46. When outputting, WordPress seems to add an extra tag which makes the post/page invalid XHTML. I got rid of this by removing the comment tags.

  47. Hey… i’m trying tu use you’re plugin because i had the same problem with RUNPHP, but… still now i can’t insert php code in my posts, what happen? i install and activate the plugin and i tray with the exemple code bt it doesn’t works… :-?

  48. Pingback: H8R3D » Wordpress
  49. I am trying to use a php echo and then use the url to pull info into a variable.

    myblog.url/?something=yeahyeah

    then in the code

    [phpcode]
    [?php
    echo $something
    ?]
    [/phpcode]

    It should display yeahyeah on the page. Now when I assign the variable in the post like $something= “yeahyeah” it will work, but I really have to pull it from the url.

  50. not sure why it doesn’t work. I am currently using PHP version 4.3.10, MySQL version 4.0.25-standard and wordpress 1.5.2

    I put in this code in the post:

    The outcome is:

    Without the and . Anyone know why? Thanks.

  51. My frond from forum recommended me this plug-in which I will use to avoid archiving post by entering small php code into new geberated page and I am very happy becouse I can finally use Wordpree as CMS. Greetings!

  52. #196: yes, i still have to find the time to update all my plugins for 2.0. if phpexec doesn’t work, then probably all my plugins won’t work :(

  53. Is it just me, or did the most recent version really mess up the ability to use whitespace in the code? I had pages working fine until I upgraded, and now I have to collapse all the whitespace out (even in raw HTML blocks) for it to work correctly. I don’t know what version I was running before, but I’d estimate it was about a year old…

  54. Hi,

    to enable phpexec in rss-feeds, the only thing one has to add is the following line:
    add_filter(‘the_excerpt_rss’, ‘php_exec_process’, 2);

    cya.

    Omar Abo-Namous

  55. bah.. ilang contohnya..

    pri..

    gue gabungin phpexec sama RSS Feeds di dalem page

    <phpcode>
    <?php
    BDPRSS2::output(2);
    ?>
    </phpcode>

    koq linknya ilang yah ? kalo RSS Feedsnya diluar post/pages jalan tuh normal.. hasilnya
    <a href="blablabla"> jadinya <a > gini doang..

  56. Ich bin wirklich begeistert \:d/

    Wo gibt es das originalprogram ?
    Also der Ursprung der nicht auf worldpress umgeschrieben wurde ?

  57. That was my first thought as well when it didn’t work. I went into the database to try and figure out what the new user levels are but it says admin is 10 and the default 9 minimum should cover that. So, I’m assuming that the location of the user_level entry must have been changed as well…but that should result in a mysql error I think…hmm…I’ll have to look into the code I’ll tell you all what I find.

  58. Any change of making this plugin work in the default tinyMCE WYSIWYG mode of WordPress 2.0.1 ?
    Would be cool to be able to use in conjunction with WYSIWYG.

  59. Pingback: WP-RSS-ImportTwo
  60. Can someone give me a hand? I’ve tried to get this to work on 2.01 with the Yahoo Search plugin with no success.

    The yahoo plugin page is here: (http://www.robinsonhouse.com/yahoo-search-plugin)

    Are there any other search option that can be used as as seperate pages? For example I don’t want the search to appear on every page. I want a seperate search page (ex: http://url.com/search).

    If someone could help me out asap it would be greatly appreciated as I need I have for this is immediate as the site is launching 3/2/06.

    THANKS! If you you email me with any solutions at lalindsey@triplelproductions that would rock.

    Lindsey

  61. Please ignore my last comment, as I now see that the plugin does work in Pages as well as Posts.

    Will this allow PHP to encapsulate JavaScrip?

    (basically echo some JavaScript into the page which is generally not acceptable in WordPress as it converts the code to HTML entities)

  62. Found a way to get it working in WP2

    *after these lines in function php_exec_process

    if($phpexec_userdata->user_level >= php_exec_getuserlevel()){
    $phpexec_doeval = true;
    }

    …add this line:

    $phpexec_doeval = true;

    what it does is bypass the validation of user levels (and so it means any admin user level can add PHP!). This seems because of a caching problem in WP2 – the call:

    the_author('login',false)

    fails in v2, but works in v1.52

    Hope it helps to get you up and running…

    P.S. great plugin!

  63. V2 Fixed!

    …worked a bit more, and found out how to add level security back in – replace these lines at the beginning of the function php_exec_process:

    if($phpexec_userdata->user_level >= php_exec_getuserlevel()){
    $phpexec_doeval = true;
    }

    with these lines:

    global $authordata;
    $phpexec_doeval=($authordata->user_level>=php_exec_getuserlevel());

    That will let it work in 1.5.2 and 2, and still include security

  64. Hi,
    Good plugin but it does not work in WP 2.0 +
    Will there be an upgrade to get it working in 2.0 + ? Thanks…

  65. Hey.

    I’ve just installed the plugin and activated it, and when I try to use PHP code, the code is just displayed and not executed.

    Can anyone help me?

    Thanks,
    Luke

  66. I am having the same problem as Luke above. Cannot get code to execute it just keeps displaying the code itself.

    I am trying to insert a feed to display in the middle of my post. Here is the code I am using.

    It’s just displaying the code minus the phpcode tags.

    Thanks for your help,
    Mike.

  67. Luke – I’m having the same problem here. The code is displayed instead of executed. I’m using a PHP include to include RSS news feeds on my website. Until yesterday, the website displayed the feeds. Now, I’m only displaying PHP code. Help!

  68. If you are using Word Press 2.0, you will comment out line 49 and line 51 (leave line 50 active).

    They removed the old 0-9 user level in the newest version of Word Press.

  69. If you are using Word Press 2.0, you will comment out line 49 and line 51 (leave line 50 active).

    They removed the old 0-9 user level in the newest version of Word Press. I’m sure this can be fixed in the future.

  70. I must not be seeing the same lines as you… I try to comment out line 49 and line 51 (leave line 50 active) and I get an error.

  71. Are you still working on this plugin?
    I get this error when I activate it :(
    I am running WordPress 1.5.1.2
    What am I doing wrong?
    Help me please!

  72. you seem to have a small bug. any time I have a “>” character within the script it stops reading the php and just displays the rest of the code on the site as text. i think it thinks i am ending the script.

  73. I’m having the same issue. the plugin is not working when I use a php include. It works Ok for the sample php code provided here, but not with php include. It just displayed the include as text. Anyone find a solution

  74. \:d/ Just tested this in WP 2.0.4 and it works great. I always disable that visual editor anyway, this isn’t the only plugin that messes with. I didn’t have to alter the latest download of this plugin at all, works out of the zipfile, no issues! Thank you!
    :)>-

  75. WordPress database error: [Can’t create/write to file ‘/var/tmp/#sql_5ac5_0.MYD’ (Errcode: 17)]
    SELECT * FROM wp_noconcerpt_posts WHERE 1=1 AND (post_status = “publish” OR post_author = 1 AND post_status != ‘draft’ AND post_status != ‘static’) GROUP BY wp_noconcerpt_posts.ID ORDER BY post_date DESC LIMIT 0, 15

  76. Hello,

    My provided moved to php cgi. Everything is just fine except for the PHP Exec plugin 1.7 on my WP 1.5.2.

    After each new post I receive a server 500 Error. If I click back my browser to the previous page, the Write Post page including the new content is still there. Nevertheless the new entry is already posted and shows up okay.

    I can post normally after deactivating PHP Exec which is an annoyance because of my php code at the front page.

    Any help or idea?

  77. #315: i don’t see any reason why it wouldn’t work with php in cgi mode as i’m using cgi mode too. better consult your provider why it doesn’t work, they should know the answer.

  78. Hi, I’ve been using this great plugin for some months now and it has worked fine.
    But, today I noticed it just stopped working. Do you know of any incompatibility?

  79. #316. Thanks for responding. However, still have problems. I asked them to check PHP CGI and said it´s working okay. Will let you know if I could ever find a solution. It was perfect while working though!

  80. I was wondering if someone has used variable variables successfully with this plugin. I’ve been playing around with it for a bit and I’m getting an error when I use the following code:

    foreach($$class_name as $name){
    $weighted_stats[$name] = $stat_array[$ct];
    $ct++;
    }

    The error is “Warning: Invalid argument supplied for foreach() in /path/to/wp-content/plugins/phpexec.php(61) : eval()’d code on line 39”

    This works fine if I C&P the code into it’s own .php file and execute it on the same server.

  81. Hi-great plug-in.

    Today tried to do wp_list_pages for a site map.
    Works fine with no arguments, but fails completely (just shows the php clause, when I add arguments.

    Thoughts?

    Ted

  82. Me again.
    Previous post resolved!

    Tried my list_pages code again, but with fewer arguments this time.
    Hey presto – works like a charm.

    Why? Don’t know, don’t care.
    … but I’m happy.

    Reagrds

    Ted

  83. It works in 2.06. and thank you ^_^ Was totally needing a script like this one.

    Hm.. but is the ?> missing from the text file? Or is it unnecessary?

  84. Well,
    Your php of the plugin is wrong, in the end it’s:

    add_filter(‘excerpt_save_pre’, ‘php_exec_pre’, 29);
    add_filter(‘excerpt_save_pre’, ‘php_exec_post’, 71);
    add_filter(‘the_excerpt’, ‘php_exec_process’, 2);

    but, where is the code:

    ?>

    I’m sorry for my terrible english, i know it :-)

  85. There appears to be a problem with the visual editor in WordPress 2.1 if you edit a post that has the code in it. The new formatting removes the phpcode entered. Anyone else have this problem?

  86. Is there a fix for the plugin to work with WordPress 2.1? :-? If not, does anyone else have one? Thanks in advance.

  87. I have just installed it on WP 2.1 and it DOES seem to work :-? , at least the example:

  88. it appears that WordPress 2.1 strips the <?php tags when adding or editing as a security precaution — I don’t think there’s any good way for the plugin to work around that, besides automatically adding the tags. I worked around it by editing the post in the database. This is it working:

    http://www.joeterranova.net/friends/

  89. Those of you complaining about it not working – make sure you paste the php code into the “code” and not the “visual” section of writing a post or page.

  90. Fantastic plugin. Works perfectly. Now we can write almost anything in WordPress without resort to static web pages. Thanks.

  91. This scrolling all the way down with a little scroll bar is annoyin, if ur so good at php make this split into pages! jesus!!!!

  92. “Those of you complaining about it not working – make sure you paste the php code into the “code” and not the “visual” section of writing a post or page.”

    I don’t understand this… it is not working for me, it just displays the php as text in post or page.

  93. I am still having an issue getting this to work with query strings.

    ex: ?php echo "Link Text" ?

    They work fine if posted outside an href, but not inside.

    Solution from #135 does not seem to function.

    Any advice?

  94. I’m trying to get rss feed to be incorporated in the WP posting. it works ok. but all the php coding gone when ever I want to edit the posting. any idea what when wrong ? thanks. Azman

  95. Bos, gini neh ceritanya :
    saya install di localhost -> berjalan ok dan normal
    info : saya gunakan software vertrigo (php 5)

    namun ketika saya upload ke tempat hosting -> tidak mau jalan sama sekali, hanya mengembalikan

  96. Dear Priyadi,

    Nice plug-in. Although the documentation is not clear the source is self explanatory. I found a small compatability problem with latest WordPress release(2.2.2).

    on Line 48: $phpexec_userdata = get_userdatabylogin(the_author(‘login’,false));

    arguments to the_author() function are deprecated. You need to use the_author_login() or the_author_ID() for this purpose. I suggest the use of the_author_ID() and get_userdata($user_id) for query efficiency.

    for others, simply replace line 48 with the code below.

    on line 48: $phpexec_userdata = get_userdata(the_author_ID());

    Thank you. Keep up the good work.

  97. In my last comment i forgot to mention, to use get_the_author_ID() instead of the_author_ID().

    so summing up, the line 48 should be:

    $phpexec_userdata = get_userdata(get_the_author_ID());

    Thank you.

  98. The .txt file attached to this post is missing a ?> at the end. So, if you want to run this plugin, remember to put a ?> at the end once it’s changed to phpexec.php

    Until it’s updated here that is. :d/

  99. This is not working in WP 2.3 at all.

    I activated the plug in, added the missing ?> at the end of the file and made a page using JUST the example posted here.

    I am ONLY using the “code” method to create the page.

    All it shows me is the PHP code in the page.

    Please Help.

  100. I have the same problem in wordpress 2.1, the code just displays in the page.

    Is there a problem with the file or is it a compatability issue?

    I ask as the download seems to end abruptly, no closing tags (which may be correct) and code right down to the last line… some EOF comments may help avoid any confusion…

    Is this plug still maintained in any way, I see no comments from Priyadi for over 12 months??

  101. Thanks for this plugin :)

    I am using it with WPMU, and after making the two changes previously mentioned above [changing 1 line of code and closing the php bracket at the bottom of the file] I still found I could not edit pages with the code: any unrecognised html is stripped out of the pages. I had to go into the database and change the post content manually, but once I did – success! Might be a fix for some others who have the same problem of the code still not working.

  102. Pingback: Web-engineer's
  103. :-\” Guys would like to know how you can set a cookie with this plugin. I’m tracking keywords for my blog. So i capture 3 url parameters from my blog using GET then append them together to form my tracking id, which i need to store as a cookie

  104. Hello,

    The plugin is not working with the following code. I tested it on the html directly and it works, but not in the post editor. Other codes do work
    The code is:


    posts
    LEFT JOIN $wpdb->postmeta ON($wpdb->posts.ID = $wpdb->postmeta.post_id)
    LEFT JOIN $wpdb->term_relationships ON($wpdb->posts.ID = $wpdb->term_relationships.object_id)
    LEFT JOIN $wpdb->term_taxonomy ON($wpdb->term_relationships.term_taxonomy_id = $wpdb->term_taxonomy.term_taxonomy_id)
    WHERE $wpdb->postmeta.meta_value = 'Arezzo'
    ORDER BY $wpdb->postmeta.meta_value ASC
    ";

    $pageposts = $wpdb->get_results($querystr, OBJECT);

    ?>



    Sorry, but you are looking for something that isn't here.

    Thanks for the plugin!!

  105. Hi, am trying to find a php page plugin for WordPress MU (WPMU) 2.6…afraid of breaking my blog – do you know if this plugin (since it has not update recently that I can view) is compatible? I am trying to place a script with javascript in PAGE content (like the new firef.ly plugin for chat on a page). I dont know enough about coding or tweaking code in WPMU to mess with requirements. thnaks. CF

  106. Halo Mas,
    Maaf neh sebelumnya kalo postingan ini udah basi, saya juga mencoba plugin yang mas pri buat, tapi kok gak jalan ya di blog saya yang ini.

    tapi saya pake di blog yang ini bisa, bisa bantu?

  107. I am using multisite and it is not working in sub domains… It is working in my main site but not for my sub domains. Can any one help me out here… I am stuck

  108. a version that works with text widgets
    warning doesn’t check if user is permitted to use php in text widget!! this check stills works for pages and posts like it used to
    <?php

    /*
    original:
    Plugin Name: PHP Exec
    Plugin URI: http://priyadi.net/archives/2005/03/02/wordpress-php-exec-plugin/
    Description: Execute PHP Code inside a post. Do NOT use this plugin if you don't trust your WP users.
    Version: 1.7
    Author: Priyadi Iman Nurcahyo
    Author URI: http://priyadi.net/

    Inspired by runphp plugin by Mark Somerville
    http://mark.scottishclimbs.com/archives/2004/07/02/running-php-in-wordpress-posts/

    tiny addon for textwidgets by Di-Jo (I realy don't need credits for it, so I realy don't mind if you delete me when you made a version that has it I Just put it this note in to clarifie if it doesn't work it's not the orriginal creators fault
    */

    ### mask code before going to the nasty balanceTags ###
    function php_exec_pre($text) {
    $textarr = preg_split("/(.*)/Us”, $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
    $stop = count($textarr);// loop stuff
    for ($phpexec_i = 0; $phpexec_i < $stop; $phpexec_i++) {
    $content = $textarr[$phpexec_i];
    if (preg_match("/^(.*)/Us”, $content, $code)) { // If it’s a phpcode
    $content = ‘[phpcode]’ . base64_encode($code[1]) . ‘[/phpcode]’;
    }
    $output .= $content;
    }
    return $output;
    }

    ### unmask code after balanceTags ###
    function php_exec_post($text) {
    $textarr = preg_split(“/(\\[phpcode\\].*\\[\\/phpcode\\])/Us”, $text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
    $stop = count($textarr);// loop stuff
    for ($phpexec_i = 0; $phpexec_i < $stop; $phpexec_i++) {
    $content = $textarr[$phpexec_i];
    if (preg_match("/^\\[phpcode\\](.*)\\[\\/phpcode\\]/Us", $content, $code)) { // If it's a phpcode
    $content = '’ . base64_decode($code[1]) . ”;
    }
    $output .= $content;
    }
    return $output;
    }

    ### main routine ###
    function php_exec_process($phpexec_text) {
    $phpexec_userdata = get_userdatabylogin(the_author(‘login’,false));
    if($phpexec_userdata->user_level >= php_exec_getuserlevel()){
    $phpexec_doeval = true;
    }

    $phpexec_textarr = preg_split(“/(.*)/Us”, $phpexec_text, -1, PREG_SPLIT_DELIM_CAPTURE); // capture the tags as well as in between
    $phpexec_stop = count($phpexec_textarr);// loop stuff
    for ($phpexec_i = 0; $phpexec_i < $phpexec_stop; $phpexec_i++) {
    $phpexec_content = $phpexec_textarr[$phpexec_i];
    if (preg_match("/^(.*)/Us”, $phpexec_content, $phpexec_code)) { // If it’s a phpcode
    $phpexec_php = $phpexec_code[1];
    if ($phpexec_doeval) {
    ob_start();
    eval(“?>”. $phpexec_php . “<?php ");
    $phpexec_output .= ob_get_clean();
    } else {
    $phpexec_output .= htmlspecialchars($phpexec_php);
    }
    } else {
    $phpexec_output .= $phpexec_content;
    }
    }
    return $phpexec_output;
    }

    function php_exec_options() {
    if($_POST['php_exec_save']){
    update_option('php_exec_userlevel',$_POST['php_exec_userlevel']);
    echo 'User level saved successfully.’;
    }

    ?>

    PHPExec Options

    Minimum User Level

    User Level:
    <input name="php_exec_userlevel" type="text" id="php_exec_userlevel" value="” size=”2″ maxlength=”1″ />
    Sets the minimum level to allow users to run PHP code in posts. If option is not set, then defaults to 9.

    <?php
    }

    function php_exec_adminmenu(){
    add_options_page('PHPExec Options', 'PHPExec', 9, 'phpexec.php', 'php_exec_options');
    }

    function php_exec_getuserlevel(){
    if($level = get_option('php_exec_userlevel')){
    return $level;
    } else {
    return 9;
    }
    }

    function php_exec_widget($text)
    {
    $phpexec_doeval = true;
    $phpexec_textarr = preg_split("/(.*)/Us”, $text, -1, PREG_SPLIT_DELIM_CAPTURE);
    $phpexec_stop = count($phpexec_textarr);// loop stuff
    for ($phpexec_i = 0; $phpexec_i < $phpexec_stop; $phpexec_i++)
    {
    $phpexec_content = $phpexec_textarr[$phpexec_i];
    if (preg_match("/^(.*)/Us”, $phpexec_content, $phpexec_code))
    { // If it’s a phpcode
    $phpexec_php = $phpexec_code[1];
    if ($phpexec_doeval)
    {
    ob_start();
    eval(“?>”. $phpexec_php . “

  109. //the above was missing this piece
    $phpexec_php . “<?php ");
    $phpexec_output .= ob_get_clean();
    }
    else
    {
    $phpexec_output .= htmlspecialchars($phpexec_php);
    }
    }
    else
    {
    $phpexec_output .= $phpexec_content;
    }
    }
    return $phpexec_output;
    }

    add_action('admin_menu','php_exec_adminmenu',1);

    add_filter('content_save_pre', 'php_exec_pre', 29);
    add_filter('content_save_pre', 'php_exec_post', 71);
    add_filter('the_content', 'php_exec_process', 2);

    add_filter('excerpt_save_pre', 'php_exec_pre', 29);
    add_filter('excerpt_save_pre', 'php_exec_post', 71);
    add_filter('the_excerpt', 'php_exec_process', 2);
    add_filter('widget_text', 'php_exec_widget', 1);

  110. I am looking for something that displays html text directly in the article, instead of a link to it – is something like that available

  111. Kita coba pake plugin ini dan lumayan bisa nambah buat blog jadi lebih dinamis, cuman kita masih cari cara supaya bisa lebih terjamin security-nya karena pengaturan user level di tempat kita juga agak susah.

  112. Thank you so much – this is exactly what I searched for. I haven´t even try it – but gladly I found a solution to look at!

  113. Like #386 I can only get the plugin to work, it admin is called admin and not his or her full name. Is there a way around this? coz I prefer not to have it called admin.

  114. @386 & @402: To be able to use the full name for the administrator, make this change in the code. The old way of checking if a user has administrator rights doesn’t work anymore and I updated it to use a more modern method.

    Replace:

    $phpexec_userdata = get_userdatabylogin(the_author('login',false));
    if($phpexec_userdata->user_level >= php_exec_getuserlevel()){
    $phpexec_doeval = true;
    }

    With:

    if( get_the_author_meta('user_level') >= php_exec_getuserlevel()){
    $phpexec_doeval = true;
    }

  115. Hi, I’m trying to use this plugin on a wordpress multisite installation (path based). It works great on my main site gallery page here but does not work on my secondary site gallery page here

    Any ideas??

Leave a comment

Your email address will not be published. Required fields are marked *