User Tools

Site Tools


res:plugins:inlinephp

Inlinephp

Caution: This plugin allows the execution of arbitrary PHP code on your server.

If an attacker manages to get into your admin account, the most evil I can do is destroying your blog's content (deleting entries and files, changing config etc.). Just exactly the functions FlatPress and its plugins provide.
But if you have this plugin enabled, the attacker could use every function of PHP to break out of your FP instance and mess up your server, or to set up malware on it, e.g. a spam relay or phishing sites.

Be sure to have understood this fully before using this plugin!

The better way to execute own PHP code is always to build your own plugin that does exactly what you need, but nothing more.

Execute arbitrary php code from a flatpress page.

[exec]echo(rand(10,100)); echo PHP_VERSION;[/exec]

Execute php file from folder /fp-plugins/locale.php

[exec]require_once('../locale.php');[/exec]

Refresch page every 30 or 20 seconds

[exec]header('Refresh: 30');[/exec]

[exec]echo(“<meta http-equiv='refresh' content='20'>”);[/exec]

Description

Plugin to execute PHP from flatpress pages.

Plugin by ChrisBlank

Download

res/plugins/inlinephp.txt · Last modified: 2021/02/27 12:35 by arvid

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki