Documentation Support > Extensions? > Php
| Format: | (:zap php*="<command>|<value>":) |
Requirements to Use: ZAP | ZAP Toolbox
Explanation: This command inserts <value> into <command> and evaluates. It then inserts the results back into the field value. Only the following commands will be accepted:
substr
strpos
strtotime
strftime
time
date
crypt
rand
strlen
strtolower
strtoupper
ucfirst
ucwords
To change the default list, you can reset the following pattern above in a config file. (Not Site.ZAPConfig). Be very careful about allowing in php commands that might jeopardize your site's security.
Note: a closing parenthesis is escaped to prevent malicious code submissions.
As a security feature, this command can ONLY be set using the (:zap field="value":) format.
Note: a comparable feature is available in the ZAP Toolbox as a markup. However, the php command can take values from various form fields and process the results on submission.