PHP lines in discussions and comments

edited August 2007 in Vanilla 1.0 Help
Hi, is it possible to "give" PHP lines in the body of discussions / comments? Example: <?php require("./livre.php"); ?>


  • you want to execute php in comments from users? that is not possible. it would present a gigantic security problem.
  • if you want to include your own .php files you need to use some sort of " [include file 1] " or whatever and then parse each comment upon creation or viewing...
  • OK. Looking for an alternative to php require, I have tried <iframe src="http://thelinktomypage.htm"></iframe> It may work, but: - I had to put a reference to my css file in thelinktomypage.htm - Under IE, the frame does not start at the top of the comment, but only a screen down later - and I cannot find out why and how to correct it... But what I have tried with success for launching a php script on a discussion page is a form, like: <form action="script.php" method="POST"> and the ad hoc button <input type="submit" value="Send" />
  • Why are you trying to include iframes and/or php scripts within the comments and discussions? Are you just letting people destroy your website? I hope they do.
  • Chris, you meanie LOL
  • Everyone has his own reasons for doing whatever he is doing ;-) @ klod If you need any (more) help, tell us what you are trying to achieve
  • What I like in Vanilla is the various possibilities it gives in how to use it. The one I am trying to build has open topics / discussions, that everyone can read, and so more personal, that only members may read. Only the administrator can "write" discussions or comments. So there is no risk that someone will "destroy" my website. So I'm looking for other ways visitors can: - send me an email (via a form) - write something in my guestbook - register for an event (give name, number of persons, date, ...) The way I did that in another life was with PHP (and csv files) - as I'm not good enough to make that with SQL. Even if it was not wonderful, it worked. I am trying to find out how to get that also in vanilla. Using forms is a way to launch php scripts. The form is in the comment, and you need the php script somewhere on your website (uploaded with ftp for instance). What I want now is to give the html result of that script on a vanilla page. Any good idea will be appreciated. Many thanks.
  • edited August 2007
    Like Chris said, allowing people to evaluate PHP within a comment is highly risky. But I don't see a problem if, like you say, only administrators can comment.

    One way that you can parse PHP "on the fly", so to speak, is using PHP's eval() function:

    You could probably do something clever with preg_replace, PHP delimiters (<?php ?>) and eval(). It actually sounds like this could make an interesting extension, say, where certain roles (of your choosing) can have PHP evaluated within comments.

  • edited August 2007
    As far as I understand, when posting a comment, I'm in HTML mode. So neither <?php require("./livre.php"); ?> nor <div>eval("require("./livre.php");")</div> can be evaluated. I just see on the screen the characters like I have typed them :( What is needed is a way to shift from HTML mode to PHP mode...
  • you can't post a comment with php in it. you would need to write an add-on for this to work. but there are many better ways to include a file in your comments than allowing users to eval php. imagine a user adding this: <?php readfile("./conf/database.php") ?>
  • If there are many better ways, which one would you advise ?
  • i'd love to advise you but i think you would be better off learning how to write an add-on to do what you want. it's not hard.

    Getting Started

    there are loads of add-ons out there that process the content of comments. pick a simple one like Markdown and study its code. i think you'll get an idea of how to do what you want.
  • i'd love being able to write add ons...
This discussion has been closed.
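
The placeholder approach suggested in the thread (a token such as [include file 1] that is expanded when the comment is rendered, instead of evaluating PHP from the comment) could look like the following. This is an added example, not part of the original discussion and not Vanilla code; the `[include name]` syntax, `render_comment()`, the widget names and the `guestbook.php` / `event.php` form targets are hypothetical.

```php
<?php
// Added example, not Vanilla code. The [include name] syntax, render_comment()
// and the widget names are assumptions made for illustration.

// Allowlist: token name => function returning trusted HTML. The name is only
// ever an array key, never a file path and never input to eval() or require.
$widgets = [
    'guestbook' => function (): string {
        return '<form action="guestbook.php" method="POST">'
             . '<input type="text" name="message" />'
             . '<input type="submit" value="Send" /></form>';
    },
    'event' => function (): string {
        return '<form action="event.php" method="POST">'
             . '<input type="text" name="name" />'
             . '<input type="submit" value="Register" /></form>';
    },
];

function render_comment(string $body, array $widgets): string
{
    // Escape first, so raw HTML and PHP tags typed into a comment stay text.
    $safe = htmlspecialchars($body, ENT_QUOTES, 'UTF-8');

    // Expand only well-formed tokens whose name is in the allowlist.
    return preg_replace_callback(
        '/\[include ([a-z0-9_]{1,32})\]/',
        function (array $m) use ($widgets): string {
            return isset($widgets[$m[1]]) ? $widgets[$m[1]]() : $m[0];
        },
        $safe
    );
}

// Constructed sample comment: one valid token, one path-like token, and the
// PHP snippet quoted in the thread.
$comment = 'Sign here: [include guestbook] [include ../conf/database] '
         . '<?php readfile("./conf/database.php") ?>';

// Only [include guestbook] is expanded; the rest is printed as literal text.
echo render_comment($comment, $widgets), "\n";
```

The scripts that receive the form posts still have to validate and escape whatever visitors submit, since those forms are open to everyone who can read the page.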