Drupal - How to find all inputs that make use of the php input filter to fully disable the php filter module?

Rather than re-inventing the wheel, just install the Security Review module, which has the following check:

PHP or Javascript in content (nodes and comments and fields in Drupal 7)

For blocks you can check the format column in the block_custom table.

The difficult one is Views - I've yet to find a reliable way to locate rogue PHP in Views programmatically.

You can able to find all views which have php enabled by running below command in MySQL...

SELECT vv.name , vd.display_options
FROM views_display AS vd
LEFT JOIN views_view AS vv ON vv.vid = vd.vid
WHERE vd.display_options REGEXP '.s:[3]+:"php".*'

views_display table stores this information in serialized format.... I have tested above query works as expected.. Hope it helps to solve the views PHP riddle :-)

Drupal - How to find all inputs that make use of the php input filter to fully disable the php filter module?

Tags:

Input Formats

Related

Recent Posts