Calling PHP code in droplet and security?

[MarkPrima]

Hi everyone,

I have read about security using the include call in a droplet.
But I was wondering if this can be a droplet " <?php include("includes/file.php"); ?>

Ultimately, I would like to use this to include a contact form.

Thanks

[pcwacht]

sorry missed this post, ah well, better late then never

To only include a file as a droplet seems a bit weird, maybe better
to open the file, copy the contents to a droplet, remove the <?php ?> php tags
check for echo's since a dorplet can't echo

Maybe better to copy the content into a code section?

If yo uneed to include a file make sure paths are correct!
Sometimes a matter of trial and error.

John

[NorHei]

If the include is specially build for use in a droplet this is posible, otherwise you have to use this:

Code:

ob_start();
include("includes/file.php");
$output=ob_get_contents();
ob_end_clean();
return $output ;

A droplet expects you to return a value just like a function does.

[pcwacht]

ps, that security issue you referring to is:
in wb3 changes are commands like eval and include will be forbidden in droplets and code

In wb2.8 (current stable) it is still allowed as are all php commands.
Droplets don't echo output direct, they return output instead.

There are some debates about wanting this 'feature'


John

[NorHei]

As Droplets is a Modul you can still install a version whithout that problem .