Hi,

We are trying to make public and private blogs using MT 3.17, for this we want to use PHP. I was making some tests and got the pages to be generated sucessfully in php (before reading the tutorial on how to do it, just simply changing the extension of the files in the template .pl files...) But there's a big security problem there, and it's that everybody can create an entry in any blog writting PHP code and the code is executed in the server, meaning that anybody could make an entry that for example, deletes some files in the server

Is there a secure way to use PHP in the templates?

Thanks

Your best bet is to prevent PHP being entered into the entry screen using something like the remove_html, encode_html or sanitize attributes