What are the potential risks of allowing PHP code in forum signatures?

Allowing PHP code in forum signatures can pose security risks, as it opens up the possibility for malicious users to inject harmful code such as cross-site scripting attacks or server-side exploits. To mitigate this risk, it is recommended to disable the execution of PHP code within forum signatures by filtering out any PHP tags or code snippets.

// Disable PHP code execution in forum signatures
$signature = strip_tags($signature);