Idea for Joomla: Allow custom php scripts to be called in place of articles or modules

[UKFed]

I hope this is the right place to make proposals for new features? Hope so :)

IDEA: Allow custom php scripts to be run in place of an article or module.
There are several ways to add php scripts to an article or module using extensions, but they can present a potential security issue or create problems when site editors/managers accidentally edit the page and disrupt the embedded scripts.

Rather than having the scripts within HTML content, having the menu point directly at a script so that the custom script displays in place of the normal article or module content make this more secure and takes it out of the hands of editors.

Years ago there was an excellent and very simple extension called Jumi (https://code.google.com/archive/p/jumi) that allows the admin to point a menu straight at the php script or have a module that just points to the script. Building this into the core of Joomla! would strengthen the platform and allow developers to extend the use of Joomla! even further without having to add in any third party extensions.

[HLeithner]

What would be the use case for such functionality? Joomla it self can be extended by php code all over the place as long as you are a "super user".

[UKFed]

Thanks for your reply. Here's a couple of common example use cases:

• Menu: Let's say that I want to set a menu to run a custom php script at custom/script.inc.php in place of an article. Perhaps for a highly customised form or a page that pulls an order from a database.
• Module: Let's say to show a custom weather feed at custom/weather.inc.php

This isn't possible today in Joomla! without adding extensions. And those extensions are just designed to work from the HTML page in custom brackets {mycode}<php include_once("custom/script.inc.php")?>{/mycode} which could be accidentally accessed and messed up by editors.

In the case of Jumi, messing up the code wasn't possible by someone editing an article.

I hope I explained this enough, if not please let me know.

[HLeithner]

Ok, so the easiest solution for you is to create a module or use the "custom module" already provided by joomla core and make a template layout for it.

This allows you exactly what you like to do. Adding php directly in the text area is a no go for joomla and not needed since Joomla is already highly extendable.

I'm closing this because there is no reason for this in Joomla.

[nibra]

This is not the way, ideas are handled in the RFC area. Please stick to the bylaws.

[UKFed]

What about custom code to replace an article?

[brianteeman]

Rather than having the scripts within HTML content, having the menu point directly at a script so that the custom script displays in place of the normal article or module content make this more secure and takes it out of the hands of editors.

How would it be more secure?

Providing a way for any php found somewhere on the internet to run as a standalone script is by its very nature insecure. By its very nature allowing this will make your site insecure.

[UKFed]

It doesn't run as a standalone script. All scripts should include:
defined('_JEXEC') OR defined('_VALID_MOS') OR die( "Direct Access Is Not Allowed" );
So they can only be run from inside Joomla.

[UKFed]

No worries, I have commissioned someone to write a new version of Jumi for Joomla!4. Should be launched in JED soon.

[UKFed]

I still think that this is a missing core feature for Joomla! 4, but at least there's a free option that works well.

https://extensions.joomla.org/extension/core-enhancements/outer-scripts/