Adding PHP code into wordpress widgets

**brainsmith** · 12-04-2012, 03:28 AM

Hello friends, is there a way to insert PHP code into Wordpress text widgets? Please tell me how to do it.

**djr33** · 12-04-2012, 03:32 AM

My guess is no. Wordpress is based on PHP, but it probably doesn't allow PHP code within something that is used inside it-- that would likely require using eval() which is a potential security risk.

In theory, it's possible for wordpress to do this-- but I don't think it does.

Have you checked the manual/support site for this?

**keyboard1333** · 12-04-2012, 04:03 AM

Brainsmith, do you mean like this -
http://wordpress.org/extend/plugins/php-code-widget/
?

Edit -
Read traq's post and don't use this

**traq** · 12-04-2012, 04:48 AM

Just FYI, this falls into the incredibly stupid category.

Originally Posted by execphp.php [line 42]

PHP Code:


eval('?>'.$text);

Makes things really easy to hack.
Even easier to mess things up accidentally, all by yourself.

Originally Posted by php.net

Caution

The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.

-- php.net/eval

This "useful widget" ignores both of those warnings. It takes unfiltered user input and treats it like trusted PHP code.
It is a very serious security risk.

If you don't believe me, ask around.

You do not want to "execute arbitrary PHP code."

Thread: Adding PHP code into wordpress widgets

Thread Tools

Search Thread

Adding PHP code into wordpress widgets

Similar Threads

Speech Bubbles adding js and css using wordpress and location of files

Random Order Script, Wordpress, and code placement

Editting Twitter widgets?

Can someone please code a wordpress layout for me?

Web 2.0 | Widgets

Bookmarks

Bookmarks

Posting Permissions