res:plugins:inlinephp

Differences

This shows you the differences between two versions of the page.

Previous revision: res:plugins:inlinephp [2021/02/16 17:04] – [Inlinephp] lubomir_ludvik
Current revision: res:plugins:inlinephp [2021/02/27 12:35] (current) arvid
Line 1: Line 1:
 ====== Inlinephp ====== ====== Inlinephp ======
  
 +<WRAP center round alert 90%>
 +**Caution: This plugin allows the execution of arbitrary PHP code on your server.** 
 +
 +If an attacker manages to get into your admin account, the most evil I can do is destroying your blog's content (deleting entries and files, changing config etc.). Just exactly the functions FlatPress and its plugins provide.\\ 
 +But if you have this plugin enabled, the attacker could use every function of PHP to break out of your FP instance and mess up your server, or to set up malware on it, e.g. a spam relay or phishing sites.
 +
 +Be sure to have understood this fully before using this plugin! 
 +
 +**The better way to execute own PHP code is always to build your own plugin that does exactly what you need, but nothing more.**
 +</WRAP>
 Execute arbitrary php code from a flatpress page. Execute arbitrary php code from a flatpress page.
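
Review bot: In the second paragraph of the added warning, "the most evil I can do is destroying your blog's content" switches from the attacker to "I"; it should read along the lines of "the worst they can do is destroy your blog's content", and the fragment "Just exactly the functions FlatPress and its plugins provide." should be joined to that sentence. The warning also frames the risk only around a compromised admin account and closes with "Be sure to have understood this fully"; consider stating the concrete action for the reader, such as keeping the plugin disabled unless it is actually needed, next to the existing advice to build a purpose-specific plugin.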
  
res/plugins/inlinephp.txt · Last modified: 2021/02/27 12:35 by arvid
