Executing php inside a WordPress widget without any plugin


To totally unlock this section you need to Log-in


Login

Sometimes in your WordPress theme you need to execute custom php code in a widget, because you want to display different information according to the category you are in, or simply because you need to execute a php script into that widget.

There are a lot of plugins doing this task, adding a new type of widget generally called “php widget”, but rather than installing a plugin this simple job can be done simply adding in functions.php file of your theme these few lines:

add_filter('widget_text','execute_php',100);

function execute_php($html){
if(strpos($html,"< "."?php")!==false){
ob_start();
eval("?".">".$html);
$html=ob_get_contents();
ob_end_clean();
}
return $html;
}

Which will turn the default Text widget into a php enabled widget.

Adding this feature directly to functions.php allows you to create a theme with this built in feature without the need of an external plugin. This is very useful when you plan to distribute your theme.

Let’s see how does it work

Line 1: add_filter hooks a function to a specific filter action.

Filters are the hooks that WordPress launches to modify text of various types before adding it to the database or sending it to the browser screen.

The first parameter is the name of the filter to hook (widget_text) while the second is the name of the function to be called when the filter is applied (execute_php). The third is the priority, and 100 should grant us a very low priority since lower numbers correspond with earlier execution, and the default value is 10.

widget_text is the filter applied to the widget text of the WordPress Text widget.

So in the end we are telling WordPress to run execute_php function when the content of the text widget is generated.

Line 2: exexute_php function. Note the argument, the HTML generated by the Text widget.

Line 3: looking for < ?php substring inside the HTML. If we find this substring, it means there is php to be executed inside the widget.

If you wonder why I am looking for "< "."?php" rather than "< ?php", it’s just to preserve the correct syntax highlighting in most editors.

Line 4: ob_start() turns output buffering on. While output buffering is active no output is sent from the script, instead the output is stored in an internal buffer. This means the HTML produced by the Text widget is temporarily saved into an internal buffer.

Line 5 : at this time we need to evaluate the HTML as if it was a php script. eval function does the job, but we need to add <> to the HTML (again, split in two to avoid highlight issues) because we must tell eval function the php could not start from the beginning of the HTML string.

An example: if my Text widget contains:

< ?php echo $_SERVER['REMOTE_ADDR']; ?>

Everything will work fine because the Text starts with php. But in this case:

Your IP: < ?php echo $_SERVER['REMOTE_ADDR']; ?>

eval function will fail because everything before < ?php is parsed as php, returning an error. That’s why the text is changed to:

?>a value: < ?php echo $a; ?>

...to tell eval we don’t start with php code.

Lines 6 and 7: once the php has been processed, we need to save the output buffer content, clean the output buffer and turn off output buffering.

Finally at line 9 the HTML is returned, with the php correctly parsed.

1 thought on “Executing php inside a WordPress widget without any plugin”

Comments are closed.