Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
  www.smarty.net   •  phpinsider.com  •  Forum Index  •  FAQ  •  Search  •  Memberlist  •  Profile  •  Log in to check your private messages  •  Register  •  Log in
loadFilter [Solved]

 
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Smarty 3
View previous topic :: View next topic  
Author Message
cymov
Smarty n00b


Joined: 19 Jul 2011
Posts: 2
PostPosted: Tue Jul 19, 2011 9:12 am    Post subject: loadFilter [Solved] Reply with quote
We're working with smarty 3.0beta8 on an application. We need to escape htmlentities in views.

So we use function loadFilter("variable", "htmlspecialchars");

We have tests to mock script injection and it works fine. But when the cache expires, all the templates includes in others are filtered again.

So the render is bad and we obtain the html code of the inner template in the browser. The code is escaped and brackets are replaced by their HTML representation < and >.

Can you help us on this problem? Is it a version problem, configuration problem or bad use of smarty ? Question

Last edited by cymov on Tue Jul 19, 2011 2:21 pm; edited 1 time in total
Back to top
View user's profile Send private message
U.Tews
Administrator


Joined: 22 Nov 2006
Posts: 5068
Location: Hamburg / Germany
PostPosted: Tue Jul 19, 2011 12:14 pm    Post subject: Reply with quote
Variable filters are applied to any variable output.

If you assign the content of a fetched template to another Smarty variable you must disable filtering for this one, otherwise the HTML gets escape as well.

PHP
Code:
$content = $smarty->fetch('subremplate.tpl');
$smarty->assign('content',$content);


template
Code:

...
// disable filter on subtemplate content
{$content nofilter}
...


I'm not sure if this was your usage case. If not you must provide more information.
Back to top
View user's profile Send private message
cymov
Smarty n00b


Joined: 19 Jul 2011
Posts: 2
PostPosted: Tue Jul 19, 2011 2:20 pm    Post subject: Reply with quote
Thank you for your answer. It works fine.
Back to top
View user's profile Send private message
Display posts from previous:   
This forum is locked: you cannot post, reply to, or edit topics.   This topic is locked: you cannot edit posts or make replies.    Smarty Forum Index -> Smarty 3 All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP