This code is used inside a closed source CMS:
If I have a php file set up like this
$var1 = ""; $var2 = ""; $var3 = "";
And allow people to add their own content into the variables, can this be manipulated and turned into a vulnberability? The only way I will be using these variables is echoing out the variables contents and returning the variable in a function.
I just want to make sure that php code can't be entereed into the variables somehow and be processed. I'm not 100% aware of all php vulnerabilities, so figured I'd ask on here.
EDIT
So to give a little more information: I am using this inside a closed source CMS that I've developed. I am giving textarea's for the users to type in their content for that particular variable. They type in their variables, and then it saves to a page via file_put_contents(). This page is a php page included in pages that use this, and basically prevents me from having to store all these variables inside a database. To use the variables, they type (in a template engine) {%var1%} and the variables is replaced with the string using a return from the template engine.
