Can I use PHP code in article bodies?
If the admin configuration option “allow_article_php_scripting” is on,
< txp:php> @< /txp:php>@ is supported in article bodies. By default, PHP scripts are only run when the author of the article is a publisher or editor.
The user premissions required for PHP code in article bodies are defined in lib/admin_config.php, as
'article.php' => '1,2',
To allow different user levels to run PHP code in their articles, edit the levels (the comma-separated numbers) on that line. But be careful: this is a PHP file, so the syntax must be correct.
If you are using Textile, be sure to escape it:
notextile. <txp:php> // your PHP code </txp:php>
or you will end up with nasty errors like:
Parse error: parse error, unexpected ‘&’ in /path/to/your/site/textpattern/publish/taghandlers.php(2688) : eval()‘d code on line 2
By giving someone permission to run PHP code, you effectively give them permission to bypass all of Textpattern’s built-in security. Any user with permission to run PHP code can, intentionally or accidentally, modify or delete anything in your database, crash your site, and so on.