Add warnings/errors about PHP in Pod Pages and Templates

pods-framework · Sep 27, 2024 · e2912e0 · e2912e0
1 parent 83016f5
commit e2912e0
Show file tree

Hide file tree

Showing 2 changed files with 106 additions and 1 deletion.
diff --git a/components/Pages.php b/components/Pages.php
@@ -173,7 +173,7 @@ public function register_config() {
 				$page_templates[ $page_template . ' - ' . $file ] = $file;
 			}
 
-			$page_templates[ __( '-- Select a Page Template --', 'pods' ) ] = '';
+			$page_templates[ __( '-- Select a WP Page Template --', 'pods' ) ] = '';
 
 			$page_templates[ __( 'Custom (uses only Pod Page content)', 'pods' ) ] = '_custom';
 
@@ -653,6 +653,73 @@ public function edit_page_form() {
 
 		add_action( 'admin_enqueue_scripts', array( $this, 'admin_assets' ), 21 );
 		add_filter( 'enter_title_here', array( $this, 'set_title_text' ), 10, 2 );
+
+		$page_code = get_the_content();
+		$pre_code = get_post_meta( get_the_ID(), 'precode', true );
+
+		$has_php = false !== strpos( $page_code, '<?' );
+		$has_precode = ! empty( $pre_code );
+
+		if ( $has_php ) {
+			pods_deprecated( 'Pod Page PHP code has been deprecated, please use WP Page Templates or hook into the pods_content filter instead of embedding PHP.', '2.1' );
+
+			if ( PODS_DISABLE_EVAL ) {
+				pods_message(
+					sprintf(
+						'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+						__( 'Pod Page Error', 'pods' ),
+						__( 'This Pod Page contains PHP code that will not run due to security restrictions in Pods. To enable PHP code, you must configure your website to allow PHP by setting the constant PODS_DISABLE_EVAL to false.', 'pods' ),
+						'https://docs.pods.io/displaying-pods/pod-page-template-hierarchy-for-themes/',
+						__( 'Switch to file-based Pod Pages', 'pods' )
+					),
+					'error',
+					false,
+					false
+				);
+			} else {
+				pods_message(
+					sprintf(
+						'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+						__( 'Pod Page Warning', 'pods' ),
+						__( 'This Pod Page contains PHP code that will no longer run in Pods 3.3+.', 'pods' ),
+						'https://docs.pods.io/displaying-pods/pod-page-template-hierarchy-for-themes/',
+						__( 'Switch to file-based Pod Pages', 'pods' )
+					),
+					'warning'
+				);
+			}
+		}
+
+		if ( $has_precode ) {
+			pods_deprecated( 'Pod Page PHP precode has been deprecated, please use WP Page Templates or hook into the pods_content filter instead of embedding PHP.', '2.1' );
+
+			if ( PODS_DISABLE_EVAL ) {
+				pods_message(
+					sprintf(
+						'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+						__( 'Pod Page Error', 'pods' ),
+						__( 'This Pod Page contains PHP precode that will not run due to security restrictions in Pods. To enable PHP code, you must configure your website to allow PHP by setting the constant PODS_DISABLE_EVAL to false.', 'pods' ),
+						'https://docs.pods.io/displaying-pods/pod-page-template-hierarchy-for-themes/',
+						__( 'Switch to file-based Pod Pages', 'pods' )
+					),
+					'error',
+					false,
+					false
+				);
+			} else {
+				pods_message(
+					sprintf(
+						'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+						__( 'Pod Page Warning', 'pods' ),
+						__( 'This Pod Page contains PHP precode that will no longer run in Pods 3.3+.', 'pods' ),
+						'https://docs.pods.io/displaying-pods/pod-page-template-hierarchy-for-themes/',
+						__( 'Switch to file-based Pod Pages', 'pods' )
+					),
+					'warning'
+				);
+			}
+		}
+
 	}
 
 	/**

diff --git a/components/Templates/includes/element-view_template.php b/components/Templates/includes/element-view_template.php
@@ -5,8 +5,12 @@
  * @package Pods_templates
  */
 
+$has_php = false;
+
 $pods_output = '';
+
 if ( isset( $content ) ) {
+	$has_php = false !== strpos( $content, '<?' );
 
 	// WordPress will already call esc_textarea() if richedit is off, don't escape twice (see #3462)
 	if ( ! user_can_richedit() ) {
@@ -17,6 +21,40 @@
 	}
 }
 ?>
+<?php if ( $has_php ) : ?>
+	<?php pods_deprecated( 'Pod Template PHP code has been deprecated, please use WP Templates instead of embedding PHP.', '2.3' ); ?>
+
+	<?php if ( PODS_DISABLE_EVAL ) : ?>
+		<?php
+		pods_message(
+			sprintf(
+				'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+				__( 'Pod Template Error', 'pods' ),
+				__( 'This template contains PHP code that will not run due to security restrictions in Pods. To enable PHP code, you must configure your website to allow PHP by setting the constant PODS_DISABLE_EVAL to false.', 'pods' ),
+				'https://docs.pods.io/displaying-pods/pod-template-hierarchy-for-themes/',
+				__( 'Switch to file-based Pod Templates', 'pods' )
+			),
+			'error',
+			false,
+			false
+		);
+		?>
+	<?php else : ?>
+		<?php
+		pods_message(
+			sprintf(
+				'<p><strong>%1$s:</strong> %2$s</p><p><a href="%3$s" target="_blank" rel="noopener noreferrer">%4$s</a></p>',
+				__( 'Pod Template Warning', 'pods' ),
+				__( 'This template contains PHP code that will no longer run in Pods 3.3+.', 'pods' ),
+				'https://docs.pods.io/displaying-pods/pod-template-hierarchy-for-themes/',
+				__( 'Switch to file-based Pod Templates', 'pods' )
+			),
+			'warning'
+		);
+		?>
+	<?php endif; ?>
+<?php endif; ?>
+
 <div class="pods-compat-container">
 	<textarea id="content" name="content"><?php echo $pods_output; // phpcs:ignore WordPress.XSS.EscapeOutput.OutputNotEscaped ?></textarea>
 </div>