Experimental project

This is a sandbox project, which contains experimental code for developer use only.

This is a fork of the Computed Field module. It does not allow executing PHP code that is stored in the database. Instead, it requires that fields always be calculated and displayed by callback functions defined in code.

The reason for the existence of this fork is that allowing site users to provide arbitrary executable PHP code is a potential security vulnerability. Normally this is reserved for trusted admin roles, but if someone were to gain illegitimate access to this field (e.g. by hacking the admin account or through some other bug or vulnerability in the site), the incident would escalate from "only" a data breach to a worst-case "execute arbitrary PHP code on the server" scenario. Good defense in depth tries to plug these holes before they can be exploited.

Also, there might be cases in which you want to allow certain user roles to manage fields but still don't want them to be able to execute arbitrary PHP code on the server.
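
What a code-based callback and a dispatcher without an eval() path can look like, as an added PHP example that is not this module's code: the callback name follows upstream Computed Field's `computed_field_FIELDNAME_compute` convention for Drupal 7 (assumed here to carry over to the fork, with a shortened argument list), and `example_compute_field()`, the `field_total` field and the sample entity are hypothetical.

```php
<?php
// Added illustration, not the module's code. The callback name follows
// upstream Computed Field's Drupal 7 convention (assumed for this fork);
// the dispatcher, field name and sample data are hypothetical.

// Callback shipped in a custom module's code base, so it is reviewed and
// deployed like any other code instead of being typed into a settings form.
// Upstream passes further arguments ($field, $instance, ...); omitted here.
function computed_field_field_total_compute(&$entity_field, $entity_type, $entity) {
  $entity_field[0]['value'] = $entity->price * $entity->quantity;
}

// Hypothetical dispatcher: stored field settings never contain PHP. The only
// value taken from configuration is the field machine name.
function example_compute_field($field_name, $entity_type, $entity) {
  // Accept only lowercase letters, digits and underscores, so the derived
  // function name stays inside the computed_field_*_compute namespace.
  if (!preg_match('/^[a-z][a-z0-9_]*$/', $field_name)) {
    throw new InvalidArgumentException('Invalid field name');
  }
  $callback = 'computed_field_' . $field_name . '_compute';
  if (!function_exists($callback)) {
    // No eval() fallback: a missing callback yields an empty field.
    return array();
  }
  $entity_field = array();
  // Direct variable-function call keeps the by-reference first argument.
  $callback($entity_field, $entity_type, $entity);
  return $entity_field;
}

// Constructed sample entity.
$node = (object) array('price' => 12.5, 'quantity' => 4);

$result = example_compute_field('field_total', 'node', $node);
echo $result[0]['value'], "\n";

// A field with no callback in the code base computes nothing, whatever a
// user with field-management access stores in its settings.
var_dump(example_compute_field('field_unknown', 'node', $node));
```

With this shape, changing what a field computes requires a code deployment rather than a database write, which is the boundary the fork relies on.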
