Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
This project is not covered by Drupal’s security advisory policy.
WARNING: DO NOT USE THIS MODULE
If you are considering downloading this module, there is probably a better way to solve whatever problem you are having. However, I believe in a free democracy that allows people to make their own choices.
Please learn how to use Twig properly:
- Twig in Drupal 8
- Twig Best Practices
- An Introduction to Twig in Drupal 8 Themes
- Filters - Modifying Variables In Twig Templates
- Extending Twig
This module allows you to execute PHP code from Twig templates.
There are various "permission levels" you can enable/disable:
php- Execute any arbitrary PHP codephp_include- Include a PHP filephp_require- Require a PHP filephp_function- Executes a PHP function
Access to the various PHP capabilities are controlled in the twig_php.settings config storage.
You must enable each specific filter. Nothing will work by default.
You can enable/disable functionality using Drupal Console:
> drupal config:override twig_php.settings allow_function_execution 1
> drupal config:override twig_php.settings allow_function_execution 0Various config options:
allow_function_execution - Allows you to execute any PHP function.
allow_require_file - Allows you to 'require' a file.
allow_include_file - Allows you to 'include' a file.
allow_php_execution - Allows you to execute arbitrary PHP code.
You can enable specific functions for the php_function filter by setting the allowed_functions config option:
> drupal config:edit twig_php.settings
allowed_functions:
- print_r
- var_dump
- var_export
- user_loadThis would only allow print_r, var_dump, var_export, and user_load to be executed.
Example code:
<div class="the-most-unsafe-code-ever-created">
<ul>
<li>{{ "'This code has been executed';"|php }}</li>
<li>{{ "print 'This is working?';"|php }}</li>
<li>{{ "'Calculate:' . 2 + 7 * 18;"|php }}</li>
<li>{{ "\Drupal::service('date.formatter')->format(REQUEST_TIME, 'medium');"|php }}</li>
<li>
{{ "
class StupidIdea {
public static function render($string){
print $string;
}
}
return StupidIdea::render('gonna get all f**ked up.');
"|php(0) }}
</li>
<li>{{ 'robots.txt'|php_include }}</li>
<li>
{% set u = 'user_load'|php_function(1) %}
User 1 email: {{ u.getEmail() }}
</li>
</ul>
</div>
Project information
Seeking new maintainer
The current maintainers are looking for new people to take ownership.- Maintenance fixes only
Considered feature-complete by its maintainers. - Module categories: Developer Tools
5 sites report using this module- Created by donutdan4114 on , updated
This project is not covered by the security advisory policy.
Use at your own risk! It may have publicly disclosed vulnerabilities.
