Protect PHP Code in CKEditor & gpEasy

Update: there is a plugin that allows you to add PHP into a page, therefore, you should not need this tutorial. Nonetheless it is here for those that need to do more with PHP than the plugin allows.

Some users may wish to use PHP code within gpEasy pages. Currently both CKEditor and gpEasy strip PHP code from pages. This is done for security reason. If you know what you are doing and want to use PHP within gpEasy pages anyways then this is how you do it.

Add the following code after the gpEasy code already in the ckeditor_config.js file in the  /include/js/  folder.

CKEDITOR.config.protectedSource.push(/<\?[\s\S]*?\?>/g);

The above code will protect PHP code from being stripped by CKEditor; however gpEasy will still remove the code. We need to remove the 'rmphp()' functions found within the /include/common.php file. This is a core gpEasy file so any changes will be over-written upon upgrade of gpEasy.

The original code should look something like this:

function cleanText(&$text) {
gpFiles::tidyFix($text);
gpFiles::rmPHP($text);
}
function rmPHP(&$text){
$search = array('');
$replace = array('<?','<?php','?>');
$text = str_replace($search,$replace,$text);
}

You want to change it to something like this:

function cleanText(&$text) {
gpFiles::tidyFix($text);
}

Remember I'm not a programmer. . . attempt at your own risk.

One of the problems with doing this is when you work with gpEasy pages the PHP in the page will be activated thus when you edit the page you will get the output and not the PHP, thus you will want to call the PHP indirectly via "File Inclusion" or some other method.

 

gpEasy B2sq Theme by CS @True Acupuncture