EzStatic Upgrade
I've upgraded EzStatic to fix a problem with the WordPress 1.5 Default template, and also to add PHP code execution to PHP embedded in posts/pages.
The new version (1.9) will execute PHP if you write it directly into the post editing box. You need to surround the code with the usual php tags. You can have several code sections in a single post.
To activate the code, you must check the checkbox that will appear (when EzStatic is activated as a plugin) underneath the post content editing box.
The code is more secure than other solutions because it will only execute the code if the author of the post is of a minimum user level. By default this is level 8, but you can change it easily in code.
You can use PHP code on either posts or "static" pages in WordPress 1.5.
EzStatic retains its ability to embed external static files that are specified in the querystring.
Check out the download on my hacks page, and the documentation in the wiki.
This version is only tested on WP 1.5. It may work on 1.2, but I make no guarantees. Try an older version of EzStatic if you're using WP 1.2.
Comments
Comment by Pat on .
If I knew any PHP (and didn't have tons of other things to do), I'd try to exploit this. My todo list is a bit too large.
What do you gain by letting people run PHP? It seems like a bad idea to me.
Comment by Owen on .
It's for site authors, not commenters. Yes, it seems like a bad idea to me too, that's why I hadn't included it in the plugin until now.
But someone asked me about it last night, and rather than send them elsewhere I added some security measures (which other solutions don't have) and released it.
Not that I'm trying to challenge you or anything, but the way it's set up, you would have to be a site author of level 8 or better in order to come close to exploiting this. Presumably, if you're that high a level already, you may have FTP access to the site anyway. It's really just a way to throw together dynamic pages a little more quickly through the WordPress editing interface.
Comment by valerie on .
YAY PHP code!! Whoohoo!
Now I have to think of a way to use it in a post ;-)
Comment by James O'Connor on .
Owen,
With the new release of WP v1.5, what is the point of EzStatic? I know that it's a great piece of software and I currently have it from WP v1.2, but what does EzStatic do differently than the new 'Pages' feature?
Thanks
Comment by Owen on .
Um, EzStatic is very different from the innate static features of WordPress 1.5.
With EzStatic, it's easy to insert dynamic external PHP files (possibly with a little tweaking) into your WordPress layout. The alternative would be to copy the application code into a WordPress static page, and you'd need some kind of PHP-executing plugin, which might not work if the code uses includes, etc.
The new version of EzStatic will also let you execute PHP that's inserted into posts and static pages, which WordPress won't let you do. And unlike some other great plugin solutions (RunPHP, for example), EzStatic validates the user level of the author before executing code to make sure that guest-level posters aren't embedding potentially malicious code.
Potential applications for EzStatic that you simply can't do with the innate WP Pages feature include:
*Dynamic feed aggregator (I use a modified Feed On Feeds on this site)
*Guestbook
*Wiki (Try MicroWiki, which integrates with EzStatic into WordPress logins!)
*Shopping cart (Try MicroShop!)
*Dynamic "about" pages
Perhaps it would be better to call it "EzDynamic"?
Comment by Ken Walker on .
Hi Owen. Congrats on the new release. Unfortunately, I can't get this working with WP 1.5. That's weird, because I'm pretty sure I'm doing everything the way normal plugins are setup, but I don't see an "Execute Content" checkbox.
Comment by Brano on .
Doesn't work with my WP 1.5 eiter. I've installed it, activated, clicked "Execute" in post editor and doesn't work. I've noticed that a space was suddenly inserted between