wp_all_import_is_php_allowed #49

Open
trey8611 opened this issue Feb 17, 2019 · 2 comments
@trey8611
Contributor

Description: disables Function Editor and disables all PHP functions in import template. Must be placed in functions.php file.

Since: WP All Import Pro 4.5.6 Beta 4.2

```php
// Returning FALSE disables the Function Editor and PHP functions in import templates.
add_filter('wp_all_import_is_php_allowed', 'wpai_wp_all_import_is_php_allowed', 10, 1);
function wpai_wp_all_import_is_php_allowed($is_php_allowed) {
    return FALSE;
}
```

@joeguilmette
Member

Hey this is a good idea, may come in handy for client mode.

@joeguilmette
Member

joeguilmette commented Feb 25, 2019

But, it's likely that if the user is allowed to upload an import file then it will still be pretty easy to pull off a SQL injection hack or something similar to allow for arbitrary code execution. Only trusted users should have access to WPAI.

We should include a notice stating this in the documentation for this filter.
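
A conditional variant of the filter from this issue, as an added example that is not part of the thread or of WP All Import's own code: it keeps PHP disabled by default and only leaves it enabled for the most privileged users. The `mysite_` function name and the `MYSITE_WPAI_ALLOW_PHP` constant are hypothetical, and the callback assumes the filter is evaluated in a request with a logged-in user.

```php
// Added example for functions.php. Assumes the filter contract shown in this issue:
// the callback receives the current boolean and returns a boolean.

// Hypothetical opt-in switch; define it as true in wp-config.php to allow PHP at all.
if (!defined('MYSITE_WPAI_ALLOW_PHP')) {
    define('MYSITE_WPAI_ALLOW_PHP', false);
}

add_filter('wp_all_import_is_php_allowed', 'mysite_wpai_restrict_php', 10, 1);

function mysite_wpai_restrict_php($is_php_allowed) {
    // Never re-enable PHP if the plugin or an earlier callback already disabled it.
    if (!$is_php_allowed) {
        return false;
    }

    // Fail closed unless the site owner explicitly opted in.
    if (!MYSITE_WPAI_ALLOW_PHP) {
        return false;
    }

    // Respect WordPress's own switch for disabling in-dashboard code editing.
    if (defined('DISALLOW_FILE_EDIT') && DISALLOW_FILE_EDIT) {
        return false;
    }

    // Multisite: network admins only. Single site: administrators only.
    $trusted = is_multisite() ? is_super_admin() : current_user_can('manage_options');

    if (!$trusted) {
        // Requests without a logged-in user (user id 0) also end up here,
        // so PHP stays disabled for them as well.
        error_log(sprintf(
            'WP All Import PHP disabled for user id %d',
            get_current_user_id()
        ));
    }

    return $trusted;
}
```

This narrows who can use the Function Editor and PHP in templates; it does not change the point made above that access to WPAI itself should be limited to trusted users.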
