Smarty
What do you think about semantic web native Smarty support?
I welcome this, if there wouldn't be any security risk | 66% | [ 4 ]
Why should I use this? | 16% | [ 1 ]
I would be happy when other developers give me access to their site in XML-WDDX | 0% | [ 0 ]
I always plan to deny giving my data in any form other than human-readable | 16% | [ 1 ]
Total Votes : 6

Author: markon (Smarty Rookie)
Joined: 11 Jun 2004 Posts: 6 Location: Czech Republic
Posted: Fri Jun 11, 2004 11:31 am
Post subject: Semantic web (WDDX/SOAP) and Smarty

Sometimes I am interested in web mining, and I have an idea about constructing a universal way to make it possible for web robots to fetch information from any site running Smarty.
WDDX is the easiest way to connect web pages on the internet.
Here is a first example of how to use WDDX in your sample PHP code:
Code: |
// When the client asks for WDDX, serialize the 'users' template variable
if (isset($_REQUEST['wddx'])) {
    $smarty->assign('wddx', wddx_serialize_value($smarty->get_template_vars('users')));
}
|
And now we add code to the template too:
Code: |
{if $wddx}{$wddx}{else}
...template
{/if}
|
Now if somebody tries to fetch data from our site, he can easily use WDDX, like this:
Code: |
skript.php?show_users=1-10&wddx=true
|
And you'll get this in XML!
Code: |
<wddxPacket version='1.0'><header/><data><array length='5'><struct><var name='php_class_name'><string>stdClass</string></var><var name='id'><string
...
|
It can be easily parsed by the built-in PHP function http://www.php.net/wddx
But there are security problems
WRONG!
Code: |
SELECT * FROM users
|
It may return, for example, passwords, private data and much more
RIGHT
Code: |
SELECT `id`,`name`,`hobbies` FROM users
|
It will return only the data that you want
Future
I am going to plan native support in Smarty. My idea is that everything you generate as HTML code should be accessible as XML, like WDDX.
But there is only one problem - security risk. For native support of generating semantic data it is important to give the user only data that can be accessed via HTML. But now, when you use a command like "SELECT * ..." you mustn't show data in HTML to be accessible by WDDX. There is no problem for experienced programmers, but lamers can make many mistakes.
_________________
--markon
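
Added example (not part of the original post, and not Smarty's own code): one way to address the risk described above is to export only template variables and columns that are explicitly allow-listed, so an upstream "SELECT *" cannot leak fields the HTML never shows. The names `EXPORT_ALLOWLIST` and `exportable_vars` and the sample data are hypothetical.

```php
<?php
// Hypothetical allow-list: template variable name => fields safe to publish.
// Anything not named here is never exported (deny by default).
const EXPORT_ALLOWLIST = [
    'users' => ['id', 'name', 'hobbies'],
];

/**
 * Reduce assigned template variables to the allow-listed variables and,
 * within each row (array or object), to the allow-listed fields.
 */
function exportable_vars(array $templateVars, array $allowlist): array
{
    $out = [];
    foreach ($allowlist as $var => $fields) {
        if (!isset($templateVars[$var]) || !is_array($templateVars[$var])) {
            continue; // variable absent or not a row set: export nothing
        }
        $keys = array_flip($fields);
        $out[$var] = [];
        foreach ($templateVars[$var] as $row) {
            // The (array) cast exposes the public properties of stdClass rows.
            $out[$var][] = array_intersect_key((array) $row, $keys);
        }
    }
    return $out;
}

// Constructed sample standing in for $smarty->get_template_vars() after a
// "SELECT * FROM users": the rows carry columns the HTML never displays.
$templateVars = [
    'users' => [
        (object) ['id' => '1', 'name' => 'alice', 'hobbies' => 'chess',
                  'password' => 'constructed-hash-1', 'email' => 'alice@example.test'],
        (object) ['id' => '2', 'name' => 'bob', 'hobbies' => 'skiing',
                  'password' => 'constructed-hash-2', 'email' => 'bob@example.test'],
    ],
    'admin_note' => 'internal only', // not allow-listed, so never exported
];

$safe = exportable_vars($templateVars, EXPORT_ALLOWLIST);

// The wddx extension is no longer bundled with PHP since 7.4; fall back to
// var_export so the example still runs on current PHP.
echo function_exists('wddx_serialize_value')
    ? wddx_serialize_value($safe['users'])
    : var_export($safe['users'], true), "\n";
```

Only `id`, `name` and `hobbies` reach the serializer; `password`, `email` and the `admin_note` variable are dropped before any output is produced.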