Back to marketplace
49

Codebox

Allows you to add and use HTML snippets on your Dashboard sidebar.

Overview

The CodeboxFrame widget displays and optionally executes PHP and Yii2 code snippets within HumHub modules. It provides a secure, panel-based interface for code demonstration and execution.

Basic Usage

Import the Widget

<?php
use humhub\modules\codebox\widgets\CodeboxFrame;

Simple HTML Example

<?php
echo CodeboxFrame::widget([
    'entries' => [
        [
            'title' => 'Sample HTML Code',
            'htmlCode' => '<div class="alert alert-info">Hello World!</div>',
            'codeType' => 'html',
            'sortOrder' => 1
        ]
    ]
]);

Multiple Code Entries

<?php
echo CodeboxFrame::widget([
    'entries' => [
        [
            'title' => 'HTML Content',
            'htmlCode' => '<div class="well">Welcome message</div>',
            'codeType' => 'html',
            'sortOrder' => 1
        ],
        [
            'title' => 'PHP Example',
            'htmlCode' => 'echo "Current time: " . date("Y-m-d H:i:s");',
            'codeType' => 'php',
            'sortOrder' => 2
        ],
        [
            'title' => 'Yii2 Framework Code',
            'htmlCode' => '
                echo humhub\widgets\Button::primary("Click Me")->icon("fa-thumbs-up");',
            'codeType' => 'yii2',
            'sortOrder' => 3
        ]
    ],
    'showPanelMenu' => true
]);

Configuration

Widget Properties

PropertyTypeDefaultDescription
entriesarray[]Array of code entries to display
showPanelMenubooleantrueShow/hide panel menu
enablePhpExecutionbooleanfalseEnable PHP code execution

Entry Structure

FieldTypeRequiredDescription
titlestringYesDisplay title for the code block
htmlCodestringYesThe actual code content
codeTypestringYesCode type: html, php, yii2
sortOrderintegerYesDisplay order (lower numbers first)

Code Types

HTML (html)

Renders HTML directly with nonce support for CSP compliance.

[
    'title' => 'HTML Content',
    'htmlCode' => '<div class="alert alert-success">Success message</div>',
    'codeType' => 'html',
    'sortOrder' => 1
]

PHP (php)

  • Default: Code is displayed only (secure)
  • With execution: Code runs in isolated temporary files
[
    'title' => 'PHP Example',
    'htmlCode' => 'echo "Server time: " . date("Y-m-d H:i:s");',
    'codeType' => 'php',
    'sortOrder' => 1
]

Yii2 (yii2)

Similar to PHP but with Yii2 context variables: $app, $user, $request, $response

[
    'title' => 'Yii2 User Info',
    'htmlCode' => '
        echo humhub\modules\user\widgets\UserListBox::widget([
            "users" => [$user->identity],
            "showUserName" => true
        ]);',
    'codeType' => 'yii2',
    'sortOrder' => 1
]

PHP Execution Security

Enabling PHP Execution

echo CodeboxFrame::widget([
    'enablePhpExecution' => true, // CAUTION: Use only in trusted environments
    'entries' => [/* your PHP entries */]
]);

Restricted Functions

These functions are blocked for security:

  • File operations: file_get_contents, file_put_contents, fopen, unlink
  • System commands: exec, system, shell_exec, passthru
  • Code execution: eval
  • Includes: include, require, include_once, require_once

Usage Examples

In Views

<?php

use humhub\modules\codebox\widgets\CodeboxFrame;
?>

<div class="container">
    <?= CodeboxFrame::widget([
        'entries' => [
            [
                'title' => 'HTML Welcome Message',
                'htmlCode' => '<div class="alert alert-info">Welcome to our module!</div>',
                'codeType' => 'html',
                'sortOrder' => 1
            ],
            [
                'title' => 'PHP Server Info',
                'htmlCode' => 'echo "PHP Version: " . phpversion() . "<br>Memory Usage: " . memory_get_usage(true);',
                'codeType' => 'php',
                'sortOrder' => 2
            ],
            [
                'title' => 'Yii2 Application Info',
                'htmlCode' => '
                    $form = humhub\widgets\ActiveForm::begin();
                    echo yii\helpers\Html::label("Sample Form", null, ["class" => "control-label"]);
                    echo yii\helpers\Html::textInput("sample", "", ["class" => "form-control", "placeholder" => "Enter text"]);
                    humhub\widgets\ActiveForm::end();',
                'codeType' => 'yii2',
                'sortOrder' => 3
            ]
        ]
    ]) ?>
</div>

Error Handling

Common Error Messages

  • "Security: PHP code contains restricted functions": Code uses blocked functions
  • "PHP Error:" / "PHP Parse Error:": Syntax error in PHP code
  • Empty display: Missing required fields or empty sortOrder

Troubleshooting

  1. Ensure all required entry fields are present
  2. For PHP execution, set enablePhpExecution => true
  3. Avoid restricted functions in PHP code
  4. Validate user input before passing to widget

Best Practices

  1. Always validate user input before passing to the widget
  2. Keep enablePhpExecution => false in production unless necessary
  3. Use Html::encode() for user-provided content
  4. Set logical sort orders for code flow
  5. Test PHP snippets before deployment

Module Information

Price:
Free
Latest version release:
1.4.0-beta.1 - September 6, 2025
Publisher:
Author(s):
Website:
Compatibility:
HumHub 1.3 - 1.18.0-beta.2