PHP console under MODx Revolution
Continuing the article of the distinguished bezumkin , I want to share one small, but very useful module for the admin MODx Revolution. This, so to speak, Ajax-console for executing PHP-code (of course on the server side) and outputting results to the browser.
PS Do not need extra comments on the security account. If you don’t know the MODx Revolution, it’s better not to say anything at all. Just before posting on security read here .
')
!!! Don't forget to test this model for vulnerabilities after installation. How to do it? Try being unauthorized in the admin panel to perform a vag_site type query / connectors / console / console.php? Action = exec & code = anyCode
If you get any result in response, bother with additional protection in this connector file. I have Revo 2.1.3, no additional hacks needed.
Why is he? Various minor needs constantly arise in working with the site: update a stack of documents, or go through the section and create a child for each document, etc. So, this is usually just a few lines of code, and it takes more time to create this handler file to execute this small code.
Now these requests can be easily performed directly from the admin panel.
How to create components is described in the above article. Files of this component can be downloaded here .
So, if you did not change the file structure of your site, upload files as is from this archive, create a new console component, set the {core_path} components / console / path for the component.
Next, go to the Actions tab, create a new action console, the controller specifies the console
In the same place we create a new menu item.
All now update the page in the admin panel and you can try out your new component.
In an amicable way, it would be necessary to arrange all this in an installation package (will someone issue it? By the way, you can write a detailed topic describing the package building process), and codemirror to attach to it, as well as attach the event of sending a request by pressing Ctrl + Enter . Who will do?
PS Do not need extra comments on the security account. If you don’t know the MODx Revolution, it’s better not to say anything at all. Just before posting on security read here .
')
!!! Don't forget to test this model for vulnerabilities after installation. How to do it? Try being unauthorized in the admin panel to perform a vag_site type query / connectors / console / console.php? Action = exec & code = anyCode
If you get any result in response, bother with additional protection in this connector file. I have Revo 2.1.3, no additional hacks needed.
Why is he? Various minor needs constantly arise in working with the site: update a stack of documents, or go through the section and create a child for each document, etc. So, this is usually just a few lines of code, and it takes more time to create this handler file to execute this small code.
Now these requests can be easily performed directly from the admin panel.
How to create components is described in the above article. Files of this component can be downloaded here .
So, if you did not change the file structure of your site, upload files as is from this archive, create a new console component, set the {core_path} components / console / path for the component.
Next, go to the Actions tab, create a new action console, the controller specifies the console
In the same place we create a new menu item.
All now update the page in the admin panel and you can try out your new component.
In an amicable way, it would be necessary to arrange all this in an installation package (will someone issue it? By the way, you can write a detailed topic describing the package building process), and codemirror to attach to it, as well as attach the event of sending a request by pressing Ctrl + Enter . Who will do?
Source: https://habr.com/ru/post/126733/
All Articles