res:plugins:inlinephp
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
res:plugins:inlinephp [2021/02/16 10:21] – created dsteuer | res:plugins:inlinephp [2021/02/27 12:35] (current) – arvid | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== Inlinephp ====== | ====== Inlinephp ====== | ||
+ | <WRAP center round alert 90%> | ||
+ | **Caution: This plugin allows the execution of arbitrary PHP code on your server.** | ||
+ | |||
+ | If an attacker manages to get into your admin account, the most evil I can do is destroying your blog's content (deleting entries and files, changing config etc.). Just exactly the functions FlatPress and its plugins provide.\\ | ||
+ | But if you have this plugin enabled, the attacker could use every function of PHP to break out of your FP instance and mess up your server, or to set up malware on it, e.g. a spam relay or phishing sites. | ||
+ | |||
+ | Be sure to have understood this fully before using this plugin! | ||
+ | |||
+ | **The better way to execute own PHP code is always to build your own plugin that does exactly what you need, but nothing more.** | ||
+ | </ | ||
Execute arbitrary php code from a flatpress page. | Execute arbitrary php code from a flatpress page. | ||
Line 6: | Line 16: | ||
echo PHP_VERSION; | echo PHP_VERSION; | ||
+ | |||
+ | Execute php file from folder / | ||
+ | |||
+ | '' | ||
+ | |||
+ | Refresch page every 30 or 20 seconds | ||
+ | |||
+ | '' | ||
+ | |||
+ | '' | ||
===== Description ===== | ===== Description ===== | ||
- | Plugin to execute PHP from flatpress pages. | + | Plugin to execute PHP from flatpress pages. |
- | announced in the [[https:// | + | |
+ | Plugin by [[http:// | ||
===== Download ==== | ===== Download ==== | ||
- | [[res: | + | {{ res: |
res/plugins/inlinephp.1613467269.txt.gz · Last modified: 2021/02/16 10:21 by dsteuer