Mini Tutorial: Evaluating PHP in Static Blocks and CMS pages

One unavoidable truth about Magento is that you cannot enter PHP code directly into a static block or CMS page. It is known. Sure, you can still add PHP to a static block by creating a template and then calling that template in the block. But what if you have a client who insists on being able to enter PHP code directly into a static block without having access to template creation? You break the rules!

Step 1: Create a Widget

The way around this is to create a widget that contains a text area where you can enter PHP code, and then place that widget into the static block.

We’ll start by creating the standard module structure:

app/design/frontend/base/default/template/demac/evaluate.phtml
app/code/local/Demac/Evaluation/Block/Evaluate.php
app/code/local/Demac/Evaluation/etc/config.xml
app/code/local/Demac/Evaluation/etc/widget.xml
app/etc/modules/Demac_Evaluation.xml

We don’t need to worry about the template file, and can leave it blank. In Evaluate.php we will create the following code:

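<?php
class Demac_Evaluation_Block_Evaluate extends Mage_Core_Block_Abstract implements Mage_Widget_Block_Interface
{
    /**
     * Runs the widget's "code" parameter as PHP and returns what it prints.
     * Anyone who can edit CMS content can therefore run arbitrary PHP.
     */
    protected function _toHtml()
    {
        $code = $this->getCode();
        ob_start(); // capture echoed output so it renders where the widget sits
        eval($code);
        return ob_get_clean();
    }
}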

DISCLAIMER: Notice the caveat on the manual entry for eval().

“The eval() language construct is very dangerous because it allows execution of arbitrary PHP code. Its use thus is discouraged. If you have carefully verified that there is no other option than to use this construct, pay special attention not to pass any user provided data into it without properly validating it beforehand.”

Remember, the internet is dark and full of terrors.

Step 2: Set Up XML Files

Next, we’ll set up the config.xml and widget.xml files.

config.xml:

<?xml version="1.0" ?>
<config>
    <modules>
        <Demac_Evaluation>
            <version>1.0</version>
        </Demac_Evaluation>
    </modules>
    <global>        
        <blocks>
            <evaluation>
                <class>Demac_Evaluation_Block</class>
            </evaluation>
        </blocks>
    </global>
</config>

widget.xml:

<widgets>
    <evaluation_evaluate type="evaluation/evaluate">
        <name>PHP Evaluation</name>
        <description type="desc">Evaluates PHP Code</description>
        <parameters>
            <template translate="label">
                <label>Frontend Template</label>
                <visible>1</visible>
                <required>1</required>
                <value>demac/evaluate.phtml</value>
                <type>select</type>
                <values>
                    <text translate="label">
                        <value>demac/evaluate.phtml</value>
                        <label>Evaluate</label>
                    </text>
                </values>
            </template>
            <code translate="label">
                <label>PHP Code</label>
                <visible>1</visible>
                <required>1</required>
                <type>textarea</type>
            </code>
        </parameters>
    </evaluation_evaluate>
</widgets>

The config file is fairly straightforward, as it just includes the Evaluate.php block. The widget file is a little more interesting, as it is what tells Magento what the widget consists of. Once we activate the module, the contents of the widget.xml file will make a little more sense.

Demac_Evaluation.xml:

<?xml version="1.0"?>
<config>
    <modules>
        <Demac_Evaluation>
            <active>true</active>
            <codePool>local</codePool>
            <depends>
                <Mage_Cms />
            </depends>
        </Demac_Evaluation>
    </modules>
</config>

Step 3: Insert the Widget

After clearing the cache and navigating to a static block or CMS page, we can create and insert the widget.

Now just click the Insert Widget button, select the type “PHP Evaluation” from the dropdown, enter PHP code (e.g. echo 'HELLO UNIVERSE!';) into the textarea, and click “Insert Widget”. In the editor, you can see that {{widget type="evaluation/evaluate" template="demac/evaluate.phtml" code="echo 'HELLO UNIVERSE!';"}} is created.

Keep in mind, if you wanted to mix PHP and html in the code, you would need to use the php tags in the textarea, for instance:

if(condition):?>
<span>Test 1</span>
<?php else: ?>
<span>Test 1</span>
<?php endif; ?>

The first opening <?php tag is not necessary, as the widget already assumes PHP code.

Well, there you have it. Although I’d like to repeat that this option should only be used if it’s absolutely necessary. Magento doesn’t allow PHP in static blocks and CMS pages for reasons of security, so the utmost caution should be used when applying this method.
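
To see which stored blocks and pages would reach eval() through this widget, the following added example (not part of the original tutorial) scans CMS content for the directive shown in Step 3 and pulls out its code parameter for review. The (table, identifier, content) row format, the sample rows, and the HTML-entity decoding of parameter values are assumptions.

```python
import html
import re

# Block alias registered by the widget.xml above; extend with other risky types.
EVAL_WIDGET_TYPES = {"evaluation/evaluate"}
# One {{widget ...}} directive; the body is taken up to the first "}}".
DIRECTIVE_RE = re.compile(r"\{\{widget\s+(.*?)\}\}", re.IGNORECASE | re.DOTALL)
# name="value" or name='value' pairs inside the directive body.
PARAM_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def parse_directive(body):
    """Return the directive's parameters as a dict of decoded strings."""
    # Assumption: values may be stored HTML-entity encoded, so decode them for review.
    return {n.lower(): html.unescape(dq or sq) for n, dq, sq in PARAM_RE.findall(body)}


def find_eval_widgets(rows):
    """Return one finding per eval-widget directive in (table, identifier, content) rows."""
    findings = []
    for table, identifier, content in rows:
        for match in DIRECTIVE_RE.finditer(content or ""):
            params = parse_directive(match.group(1))
            if params.get("type", "").lower() in EVAL_WIDGET_TYPES:
                findings.append({
                    "table": table, "identifier": identifier,
                    "offset": match.start(),          # position inside the content
                    "code": params.get("code", ""),   # PHP that would be eval()'d
                })
    return findings


# Constructed sample rows standing in for an export of cms_block / cms_page content.
SAMPLE_ROWS = [
    ("cms_block", "footer_links", '<ul>{{widget type="cms/widget_page_link" page_id="2"}}</ul>'),
    ("cms_block", "promo_banner",
     '<div>{{widget type="evaluation/evaluate" template="demac/evaluate.phtml" '
     'code="echo \'HELLO UNIVERSE!\';"}}</div>'),
    ("cms_page", "home", "<p>No widgets here.</p>"),
    ("cms_page", "about", "{{widget type='evaluation/evaluate' code='echo date(&quot;Y&quot;);'}}"),
]

if __name__ == "__main__":
    for f in find_eval_widgets(SAMPLE_ROWS):
        print("{table}:{identifier} @{offset} -> {code!r}".format(**f))
```

A directive whose code itself contains "}}" is still reported, but the extracted code stops at that point, so review the full content of any row that is flagged.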