diff -ur drupal-7.x-dev.orig/includes/common.inc drupal-7.x-dev/includes/common.inc --- drupal-7.x-dev.orig/includes/common.inc 2008-12-12 17:07:13.000000000 +0100 +++ drupal-7.x-dev/includes/common.inc 2008-12-17 19:34:30.000000000 +0100 @@ -1816,50 +1816,6 @@ } /** - * Evaluate a string of PHP code. - * - * This is a wrapper around PHP's eval(). It uses output buffering to capture both - * returned and printed text. Unlike eval(), we require code to be surrounded by - * tags; in other words, we evaluate the code as if it were a stand-alone - * PHP file. - * - * Using this wrapper also ensures that the PHP code which is evaluated can not - * overwrite any variables in the calling code, unlike a regular eval() call. - * - * @param $code - * The code to evaluate. - * @return - * A string containing the printed output of the code, followed by the returned - * output of the code. - */ -function drupal_eval($code) { - global $theme_path, $theme_info, $conf; - - // Store current theme path. - $old_theme_path = $theme_path; - - // Restore theme_path to the theme, as long as drupal_eval() executes, - // so code evaluted will not see the caller module as the current theme. - // If theme info is not initialized get the path from theme_default. - if (!isset($theme_info)) { - $theme_path = drupal_get_path('theme', $conf['theme_default']); - } - else { - $theme_path = dirname($theme_info->filename); - } - - ob_start(); - print eval('?>' . $code); - $output = ob_get_contents(); - ob_end_clean(); - - // Recover original theme path. - $theme_path = $old_theme_path; - - return $output; -} - -/** * Returns the path to a system item (module, theme, etc.). * * @param $type diff -ur drupal-7.x-dev.orig/modules/block/block.admin.inc drupal-7.x-dev/modules/block/block.admin.inc --- drupal-7.x-dev.orig/modules/block/block.admin.inc 2008-12-17 00:57:31.000000000 +0100 +++ drupal-7.x-dev/modules/block/block.admin.inc 2008-12-17 20:19:51.000000000 +0100 @@ -190,7 +190,7 @@ '#collapsed' => TRUE, ); - $access = user_access('use PHP for block visibility'); + $access = user_access('use PHP for visibility settings'); if ($edit['visibility'] == 2 && !$access) { $form['page_vis_settings'] = array(); $form['page_vis_settings']['visibility'] = array('#type' => 'value', '#value' => 2); @@ -200,7 +200,7 @@ $options = array(t('Show on every page except the listed pages.'), t('Show on only the listed pages.')); $description = t("Enter one page per line as Drupal paths. The '*' character is a wildcard. Example paths are %blog for the blog page and %blog-wildcard for every personal blog. %front is the front page.", array('%blog' => 'blog', '%blog-wildcard' => 'blog/*', '%front' => '')); - if ($access) { + if (module_exists('php') && $access) { $options[] = t('Show if the following PHP code returns TRUE (PHP-mode, experts only).'); $description .= ' ' . t('If the PHP-mode is chosen, enter PHP code between %php. Note that executing incorrect PHP-code can break your Drupal site.', array('%php' => '')); } diff -ur drupal-7.x-dev.orig/modules/block/block.module drupal-7.x-dev/modules/block/block.module --- drupal-7.x-dev.orig/modules/block/block.module 2008-12-17 00:57:31.000000000 +0100 +++ drupal-7.x-dev/modules/block/block.module 2008-12-17 20:10:10.000000000 +0100 @@ -109,10 +109,6 @@ 'title' => t('Administer blocks'), 'description' => t('Select which blocks are displayed, and arrange them on the page.'), ), - 'use PHP for block visibility' => array( - 'title' => t('Use PHP for block visibility'), - 'description' => t('Enter PHP code in the field for block visibility settings. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))), - ), ); } @@ -452,8 +448,11 @@ // is displayed only on those pages listed in $block->pages. $page_match = !($block->visibility xor $page_match); } + elseif (module_exists('php')) { + $page_match = php_eval($block->pages); + } else { - $page_match = drupal_eval($block->pages); + $page_match = FALSE; } } else { diff -ur drupal-7.x-dev.orig/modules/php/php.module drupal-7.x-dev/modules/php/php.module --- drupal-7.x-dev.orig/modules/php/php.module 2008-09-19 09:53:59.000000000 +0200 +++ drupal-7.x-dev/modules/php/php.module 2008-12-17 20:34:57.000000000 +0100 @@ -22,6 +22,62 @@ } /** + * Implementation of hook_perm(). + */ +function php_perm() { + return array( + 'use PHP for visibility settings' => array( + 'title' => t('Use PHP for visibility settings'), + 'description' => t('Enter PHP code in the field for visibility settings. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))), + ), + ); +} + +/** + * Evaluate a string of PHP code. + * + * This is a wrapper around PHP's eval(). It uses output buffering to capture both + * returned and printed text. Unlike eval(), we require code to be surrounded by + * tags; in other words, we evaluate the code as if it were a stand-alone + * PHP file. + * + * Using this wrapper also ensures that the PHP code which is evaluated can not + * overwrite any variables in the calling code, unlike a regular eval() call. + * + * @param $code + * The code to evaluate. + * @return + * A string containing the printed output of the code, followed by the returned + * output of the code. + */ +function php_eval($code) { + global $theme_path, $theme_info, $conf; + + // Store current theme path. + $old_theme_path = $theme_path; + + // Restore theme_path to the theme, as long as php_eval() executes, + // so code evaluted will not see the caller module as the current theme. + // If theme info is not initialized get the path from theme_default. + if (!isset($theme_info)) { + $theme_path = drupal_get_path('theme', $conf['theme_default']); + } + else { + $theme_path = dirname($theme_info->filename); + } + + ob_start(); + print eval('?>' . $code); + $output = ob_get_contents(); + ob_end_clean(); + + // Recover original theme path. + $theme_path = $old_theme_path; + + return $output; +} + +/** * Implementation of hook_filter_tips(). */ function php_filter_tips($delta, $format, $long = FALSE) { @@ -79,7 +135,7 @@ case 'description': return t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!'); case 'process': - return drupal_eval($text); + return php_eval($text); default: return $text; } diff -ur drupal-7.x-dev.orig/modules/system/system.install drupal-7.x-dev/modules/system/system.install --- drupal-7.x-dev.orig/modules/system/system.install 2008-12-03 17:32:22.000000000 +0100 +++ drupal-7.x-dev/modules/system/system.install 2008-12-17 20:35:11.000000000 +0100 @@ -3143,6 +3143,15 @@ } /** + * Change the PHP visibility permission. + */ +function system_update_7016() { + $ret = array(); + $ret[] = update_sql("UPDATE {role_permission} SET permission = 'use PHP for visibility settings' WHERE permission = 'use PHP for block visibility'"); + return $ret; +} + +/** * @} End of "defgroup updates-6.x-to-7.x" * The next series of updates should start at 8000. */