Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
I noticed that the 6.x-2.x version allows an admin to execute php. Does the 7.x-1.x branch also have this feature?
I ask because of #2006500: block bueditor execute php feature.
Comments
Comment #1
ufku CreditAttribution: ufku commentedYes it does
Comment #2
gregglesWhich permission does it use?
Comment #3
ufku CreditAttribution: ufku commented'administer bueditor' which has 'restrict access' flag set to true
Comment #4
gregglesGreat thanks.
In general, I'd say it would be great if there were a way to achieve the same goal without allowing users to execute PHP. On sites that use suhosin to disable execution of php this feature will fail to work.
Comment #5
gregglesEDIT: On sites that use suhosin to disable execution of php via evail this feature will fail to work.