diff --git a/core/modules/filter/filter.api.php b/core/modules/filter/filter.api.php
index 6675e4a..d186db6 100644
--- a/core/modules/filter/filter.api.php
+++ b/core/modules/filter/filter.api.php
@@ -107,9 +107,9 @@ function hook_filter_info() {
* implementations.
*/
function hook_filter_info_alter(&$info) {
- // Replace the PHP evaluator process callback with an improved
- // PHP evaluator provided by a module.
- $info['php_code']['process callback'] = 'my_module_php_evaluator';
+ // Replace the line break filter's process callback with an improved version
+ // provided by a module.
+ $info['filter_autop']['process callback'] = 'my_module_filter_autop';
// Alter the default settings of the URL filter provided by core.
$info['filter_url']['default settings'] = array(
diff --git a/core/modules/php/php.info b/core/modules/php/php.info
index 669a138..6b9278a 100644
--- a/core/modules/php/php.info
+++ b/core/modules/php/php.info
@@ -1,6 +1,5 @@
-name = PHP filter
-description = Allows embedded PHP code/snippets to be evaluated.
+name = PHP
+description = Allows permitted users to use custom PHP code in settings.
package = Core
version = VERSION
core = 8.x
-files[] = php.test
diff --git a/core/modules/php/php.install b/core/modules/php/php.install
deleted file mode 100644
index 12944dd..0000000
--- a/core/modules/php/php.install
+++ /dev/null
@@ -1,45 +0,0 @@
- 'PHP code'))->fetchField();
- // Add a PHP code text format, if it does not exist. Do this only for the
- // first install (or if the format has been manually deleted) as there is no
- // reliable method to identify the format in an uninstall hook or in
- // subsequent clean installs.
- if (!$format_exists) {
- $php_format = array(
- 'format' => 'php_code',
- 'name' => 'PHP code',
- // 'Plain text' format is installed with a weight of 10 by default. Use a
- // higher weight here to ensure that this format will not be the default
- // format for anyone.
- 'weight' => 11,
- 'filters' => array(
- // Enable the PHP evaluator filter.
- 'php_code' => array(
- 'weight' => 0,
- 'status' => 1,
- ),
- ),
- );
- $php_format = (object) $php_format;
- filter_format_save($php_format);
-
- drupal_set_message(t('A PHP code text format has been created.', array('@php-code' => url('admin/config/content/formats/' . $php_format->format))));
- }
-}
-
-/**
- * Implements hook_disable().
- */
-function php_disable() {
- drupal_set_message(t('The PHP module has been disabled. Any existing content that was using the PHP filter will now be visible in plain text. This might pose a security risk by exposing sensitive information, if any, used in the PHP code.'));
-}
diff --git a/core/modules/php/php.module b/core/modules/php/php.module
index 37bf9a1..fc95b27 100644
--- a/core/modules/php/php.module
+++ b/core/modules/php/php.module
@@ -2,7 +2,7 @@
/**
* @file
- * Additional filter for PHP input.
+ * Allows permitted users to use custom PHP code in settings.
*/
/**
@@ -13,11 +13,12 @@ function php_help($path, $arg) {
case 'admin/help#php':
$output = '';
$output .= '
' . t('About') . '
';
- $output .= '
' . t('The PHP filter module adds a PHP filter to your site, for use with text formats. This filter adds the ability to execute PHP code in any text field that uses a text format (such as the body of a content item or the text of a comment). PHP is a general-purpose scripting language widely-used for web development, and is the language with which Drupal has been developed. For more information, see the online handbook entry for the PHP filter module.', array('@filter' => url('admin/help/filter'), '@php-net' => 'http://www.php.net', '@php' => 'http://drupal.org/handbook/modules/php/')) . '
';
+ $output .= '
' . t('The PHP module allows PHP code to be used in certain configuration settings to limit actions or content to custom conditions. PHP is a general-purpose scripting language widely-used for web development, and is the language with which Drupal has been developed. For more information, see the online handbook entry for the PHP module.', array('@php-net' => 'http://www.php.net', '@php' => 'http://drupal.org/handbook/modules/php/')) . '
';
$output .= '
' . t('Uses') . '
';
$output .= '
';
$output .= '
' . t('Enabling execution of PHP in text fields') . '
';
- $output .= '
' . t('The PHP filter module allows users with the proper permissions to include custom PHP code that will get executed when pages of your site are processed. While this is a powerful and flexible feature if used by a trusted user with PHP experience, it is a significant and dangerous security risk in the hands of a malicious or inexperienced user. Even a trusted user may accidentally compromise the site by entering malformed or incorrect PHP code. Only the most trusted users should be granted permission to use the PHP filter, and all PHP code added through the PHP filter should be carefully examined before use. Example PHP snippets can be found on Drupal.org.', array('@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'))) . '
';
+ $output .= '
' . t('The PHP module allows users with the proper permissions to use the administrative interface to enter custom PHP code that will get executed when pages of your site are processed. For example, if this module is used with the core Block module, custom PHP code can be added to determine the pages on which a particular block will be visible.') . '
';
+ $output .= '
' . t('While this is a powerful and flexible feature if used by a trusted user with PHP experience, it is a significant and dangerous security risk in the hands of a malicious or inexperienced user. Even a trusted user may accidentally compromise the site by entering malformed or incorrect PHP code. Only the most trusted users should be granted permission to use PHP, and all PHP code should be carefully examined before use. Example PHP snippets can be found on Drupal.org.', array('@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'))) . '
' . t('Custom PHP code may be embedded in some types of site content, including posts and blocks. While embedding PHP code inside a post or block is a powerful and flexible feature when used by a trusted user with PHP experience, it is a significant and dangerous security risk when used improperly. Even a small mistake when posting PHP code may accidentally compromise your site.') . '
';
- $output .= '
' . t('If you are unfamiliar with PHP, SQL, or Drupal, avoid using custom PHP code within posts. Experimenting with PHP may corrupt your database, render your site inoperable, or significantly compromise security.') . '
';
- $output .= '
' . t('Notes:') . '
';
- $output .= '
' . t('Remember to double-check each line for syntax and logic errors before saving.') . '
';
- $output .= '
' . t('Statements must be correctly terminated with semicolons.') . '
';
- $output .= '
' . t('Global variables used within your PHP code retain their values after your script executes.') . '
';
- $output .= '
' . t('register_globals is turned off. If you need to use forms, understand and use the functions in the Drupal Form API.', array('@formapi' => url('http://api.drupal.org/api/group/form_api/7'))) . '
';
- $output .= '
' . t('Use a print or return statement in your code to output content.') . '
';
- $output .= '
' . t('Develop and test your PHP code using a separate test script and sample database before deploying on a production site.') . '
';
- $output .= '
' . t('Consider including your custom PHP code within a site-specific module or template.php file rather than embedding it directly into a post or block.') . '
';
- $output .= '
' . t('Be aware that the ability to embed PHP code within content is provided by the PHP Filter module. If this module is disabled or deleted, then blocks and posts with embedded PHP may display, rather than execute, the PHP code.') . '
';
- $output .= '
' . t('A basic example: Creating a "Welcome" block that greets visitors with a simple message.') . '
';
- $output .= '
' . t('
Add a custom block to your site, named "Welcome" . With its text format set to "PHP code" (or another format supporting PHP input), add the following in the Block body:
-
-print t(\'Welcome visitor! Thank you for visiting.\');
-
') . '
';
- $output .= '
' . t('
To display the name of a registered user, use this instead:
-
-global $user;
-if ($user->uid) {
- print t(\'Welcome @name! Thank you for visiting.\', array(\'@name\' => format_username($user)));
-}
-else {
- print t(\'Welcome visitor! Thank you for visiting.\');
-}
-
') . '
';
- $output .= '
' . t('Drupal.org offers some example PHP snippets, or you can create your own with some PHP experience and knowledge of the Drupal system.', array('@drupal' => url('http://drupal.org'), '@php-snippets' => url('http://drupal.org/handbook/customization/php-snippets'))) . '
';
- return $output;
- }
- else {
- return t('You may post PHP code. You should include <?php ?> tags.');
- }
-}
-
-/**
- * Implements hook_filter_info().
- *
- * Provide PHP code filter. Use with care.
- */
-function php_filter_info() {
- $filters['php_code'] = array(
- 'title' => t('PHP evaluator'),
- 'description' => t('Executes a piece of PHP code. The usage of this filter should be restricted to administrators only!'),
- 'process callback' => 'php_eval',
- 'tips callback' => '_php_filter_tips',
- 'cache' => FALSE,
- );
- return $filters;
-}
-
diff --git a/core/modules/php/php.test b/core/modules/php/php.test
deleted file mode 100644
index 8ead2ac..0000000
--- a/core/modules/php/php.test
+++ /dev/null
@@ -1,120 +0,0 @@
-drupalCreateUser(array('administer filters'));
- $this->drupalLogin($admin_user);
-
- // Verify that the PHP code text format was inserted.
- $php_format_id = 'php_code';
- $this->php_code_format = filter_format_load($php_format_id);
- $this->assertEqual($this->php_code_format->name, 'PHP code', t('PHP code text format was created.'));
-
- // Verify that the format has the PHP code filter enabled.
- $filters = filter_list_format($php_format_id);
- $this->assertTrue($filters['php_code']->status, t('PHP code filter is enabled.'));
-
- // Verify that the format exists on the administration page.
- $this->drupalGet('admin/config/content/formats');
- $this->assertText('PHP code', t('PHP code text format was created.'));
-
- // Verify that anonymous and authenticated user roles do not have access.
- $this->drupalGet('admin/config/content/formats/' . $php_format_id);
- $this->assertFieldByName('roles[1]', FALSE, t('Anonymous users do not have access to PHP code format.'));
- $this->assertFieldByName('roles[2]', FALSE, t('Authenticated users do not have access to PHP code format.'));
- }
-
- /**
- * Create a test node with PHP code in the body.
- *
- * @return stdObject Node object.
- */
- function createNodeWithCode() {
- return $this->drupalCreateNode(array('body' => array(LANGUAGE_NONE => array(array('value' => '')))));
- }
-}
-
-/**
- * Tests to make sure the PHP filter actually evaluates PHP code when used.
- */
-class PHPFilterTestCase extends PHPTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'PHP filter functionality',
- 'description' => 'Make sure that PHP filter properly evaluates PHP code when enabled.',
- 'group' => 'PHP',
- );
- }
-
- /**
- * Make sure that the PHP filter evaluates PHP code when used.
- */
- function testPHPFilter() {
- // Log in as a user with permission to use the PHP code text format.
- $php_code_permission = filter_permission_name(filter_format_load('php_code'));
- $web_user = $this->drupalCreateUser(array('access content', 'create page content', 'edit own page content', $php_code_permission));
- $this->drupalLogin($web_user);
-
- // Create a node with PHP code in it.
- $node = $this->createNodeWithCode();
-
- // Make sure that the PHP code shows up as text.
- $this->drupalGet('node/' . $node->nid);
- $this->assertText('print "SimpleTest PHP was executed!"', t('PHP code is displayed.'));
-
- // Change filter to PHP filter and see that PHP code is evaluated.
- $edit = array();
- $langcode = LANGUAGE_NONE;
- $edit["body[$langcode][0][format]"] = $this->php_code_format->format;
- $this->drupalPost('node/' . $node->nid . '/edit', $edit, t('Save'));
- $this->assertRaw(t('Basic page %title has been updated.', array('%title' => $node->title)), t('PHP code filter turned on.'));
-
- // Make sure that the PHP code shows up as text.
- $this->assertNoText('print "SimpleTest PHP was executed!"', t("PHP code isn't displayed."));
- $this->assertText('SimpleTest PHP was executed!', t('PHP code has been evaluated.'));
- }
-}
-
-/**
- * Tests to make sure access to the PHP filter is properly restricted.
- */
-class PHPAccessTestCase extends PHPTestCase {
- public static function getInfo() {
- return array(
- 'name' => 'PHP filter access check',
- 'description' => 'Make sure that users who don\'t have access to the PHP filter can\'t see it.',
- 'group' => 'PHP',
- );
- }
-
- /**
- * Make sure that user can't use the PHP filter when not given access.
- */
- function testNoPrivileges() {
- // Create node with PHP filter enabled.
- $web_user = $this->drupalCreateUser(array('access content', 'create page content', 'edit own page content'));
- $this->drupalLogin($web_user);
- $node = $this->createNodeWithCode();
-
- // Make sure that the PHP code shows up as text.
- $this->drupalGet('node/' . $node->nid);
- $this->assertText('print', t('PHP code was not evaluated.'));
-
- // Make sure that user doesn't have access to filter.
- $this->drupalGet('node/' . $node->nid . '/edit');
- $this->assertNoRaw('