PHP Filter module's current help page at admin/help/php contains just:

"Adds a filter option to include PHP in content."

We need a full-blown help page here, like admin/help/aggregator: one sentence description, paragraph of more detailed description.


Comments

greggles’s picture

Looking at the regular "Filter" module help from D6 and at the "Filter module" help from D5, I don't think we need a whole lot here. I think it would be sufficient to simply link to the Filter module help and then say that this module evaluates php code.

What about just using the text that gets added to the filter tips?

webchick’s picture

No, we definitely need more than that. We should talk about the security implications of this module, for one thing.

bradlis7’s picture

Here's a starting point, but you don't have to use it:

The PHP Filter adds the ability to use PHP in a node. You can use it for creating dynamic page content, or database queries. Drupal.org contains some example PHP Snippets, or you can create your own.

PHP also creates security risks that the administrator should be aware of. Untrusted users should not be allowed to use the PHP Filter because they can manipulate your database or compromise your system.

Gábor Hojtsy’s picture

Let's explain what PHP is all about. This is a user facing module after all. Also don't use "node" in user facing help, use "post" or "content".

The PHP Filter adds the ability to use PHP scripts in posts. PHP is a programming language, in which the backend of this website itself is written. Allowing users to use PHP in their posts lets them generate dynamic page content and execute database queries. This is a very powerful feature but at the same time brings security risks, if given in the hand of untrusted people. Malicious users can manipulate your database or compromise your system with this filter easily. You should only give permission to this filter for users you highly trust.

Drupal.org offers <a href="http://drupal.org/handbook/customization/php-snippets">some example PHP Snippets</a>, or you can create your own with some PHP experience and Drupal programming knowledge.

alpritt’s picture

Status: Active » Needs review
FileSize
1.38 KB

Patch is mostly from comment #4, but with some grammar changes.

bradlis7’s picture

Should we list the api.drupal.org, and the PHP documentation page?

bradlis7’s picture

There is also some information in the filter/tips page, in which you have permission for the PHP Filter.

keith.smith’s picture

I haven't put this in patch form yet, but I easily can (and will). What about something like the following, which builds off of the last several suggestions?

The PHP Filter adds the ability to include PHP code in posts. PHP is a general-purpose scripting language widely-used for web development; the content management system used by this website has been developed using PHP code. Through the PHP Filter, users with the proper permissions may include custom PHP code within a page of this site. While this is a powerful and flexible feature if used by a trusted user with PHP experience, it is a significant and dangerous security risk in the hands of a malicious user. Even a trusted user may accidentally compromise the site by entering malformed or incorrect PHP code. Only the most trusted users should be granted permissions to use the PHP Filter, and all PHP code added through the Filter should be carefully examined before use.

Drupal.org offers some example PHP snippets, or you can create your own with some PHP experience and Drupal programming knowledge.

keith.smith’s picture

FileSize
1.68 KB

And the patch with the text from above.

dmitrig01’s picture

"the content management system used by this website has been developed using PHP code."
Maybe:
"Drupal is written in PHP"

greggles’s picture

To the extent we want to make it easy to enable profiles built on Drupal it's better to say "content management system" or just "system" instead of "Drupal".

ChrisKennedy’s picture

You might change "Drupal programming knowledge" to "knowledge of the Drupal API." or "knowledge of the Drupal CMS." or "knowledge of the Drupal framework." The current version implies that Drupal is a programming language, when it is really an API/framework.

Also, "granted permissions" should be "granted permission".

keith.smith’s picture

FileSize
1.64 KB

New patch attached incorporating the suggestions from ChrisKennedy's comments in #12.

keith.smith’s picture

FileSize
1.64 KB

Or rather, this one is.

On closer inspection, there were actually two instances of "permissions" that needed to be "permission" in the text; this patch adjusts both of them.

Freso’s picture

Shouldn't "Drupal.org" link to, say, drupal.org?

keith.smith’s picture

FileSize
1.7 KB

Absolutely it should. Or surely it can. Or something like that.

New patch attached adding Drupal.org as a link.

ChrisKennedy’s picture

The last minor thing is that in "all PHP code added through the Filter" it looks weird to have filter capitalized. IMO it should either be lowercase or the full "PHP Filter".

keith.smith’s picture

Assigned: Unassigned » keith.smith
FileSize
1.7 KB

Good point. Patch updated, and now refers to "PHP Filter" in place of just "Filter".

Thanks for reviewing.

Gábor Hojtsy’s picture

Status: Needs review » Fixed

Committed the latest patch with some modifications:

- "PHP Filter" should actually be "PHP filter". Drupal is more towards European conventions in which we don't capitalize est paragraph and say Drupal outright.
- Drupal CMS modified to Drupal system (it should have been Drupal API, but I tried to not use technical terms)

Thanks to everybody involved.

Anonymous’s picture

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.