
use absolute path in a child tpl to extend from parent

 
s2xi
Smarty Rookie


Joined: 02 Mar 2011
Posts: 8

Posted: Wed Mar 02, 2011 5:25 am    Post subject: use absolute path in a child tpl to extend from parent

Is it possible to use an absolute path to point to extended templates?

Parent:
<html>
<head>
<title>{block name="title"}Default Title{/block}</title>
</head>
</html>

Child:
{extends file="userThemes/someTheme/index.tpl"}
{block name="title"}
Some default content here that will show an all themes created because the extends block is pointing to an absolute path from a smarty variable or a session.
{/block}


is this possible?
rodneyrehm
Administrator


Joined: 30 Mar 2007
Posts: 674
Location: Germany, border to Switzerland

Posted: Wed Mar 02, 2011 8:49 am

userThemes/someTheme/index.tpl is not an absolute path. It's a relative path. /var/foo/bar/userThemes/someTheme/index.tpl or windowsy C:\foo\userThemes\someTheme\index.tpl are absolute paths.

Yes, absolute paths are possible, unless your Security Policy disables them. See http://www.smarty.net/docs/en/advanced.features.tpl#advanced.features.security

Relative paths like yours work as well. They are handled relative to the directory/directories in your $smarty->template_dir.
s2xi
Smarty Rookie


Joined: 02 Mar 2011
Posts: 8

Posted: Wed Mar 02, 2011 9:06 am

globe wrote:
userThemes/someTheme/index.tpl is not an absolute path. It's a relative path. /var/foo/bar/userThemes/someTheme/index.tpl or windowsy C:\foo\userThemes\someTheme\index.tpl are absolute paths.

Yes, absolute paths are possible, unless your Security Policy disables them. See http://www.smarty.net/docs/en/advanced.features.tpl#advanced.features.security

Relative paths like yours work as well. They are handled relative to the directory/directories in your $smarty->template_dir.


Yes, yes, you are correct, I did mean relative. Haven't slept much, as you can probably tell ;)

This is my setup, or how I envision it working.

User logs in,
login page makes $_SESSION['theme'], and $_COOKIE['theme']
(in this case the theme session, cookie holds 'default')

in my index.php I have something like

Code:
// Cookie values are placed in the path exactly as the browser sent them.
if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'default') {
    $themePATH = dirname(__FILE__) . '/resources/themes/default/';
} else {
    $themePATH = dirname(__FILE__) . '/members/' . $_COOKIE['user_name'] . '/theme/' . $_COOKIE['theme'] . '/';
}


Then further down, after I make a new Smarty object, I redefine the template location.

Code:
$s->template_dir = $themePATH;


then of course:

Code:
$s->display('index.tpl');


This works, but I was having a logic problem in my reasoning. If I let users upload their own themes I would update the database to make the field 'theme' point to their new theme in their user folder. But every single theme will have the same blocks of code in the header.

The default header.tpl and footer.tpl are located outside of their user folder and in the default site resources.

Hmmm, I have been looking at the parent and child templates and was then looking that in the child.tpl I can use the 'extends' keyword, but like I said the index.tpl isn't in the same directory as the theme. So that's why I was asking if I could use 'relative' URLs, but the other issue is that the relative URL is dynamic because it will change from user to user.
rodneyrehm
Administrator


Joined: 30 Mar 2007
Posts: 674
Location: Germany, border to Switzerland

Posted: Wed Mar 02, 2011 9:24 am

s2xi wrote:
Code:
// Cookie values are placed in the path exactly as the browser sent them.
if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'default') {
    $themePATH = dirname(__FILE__) . '/resources/themes/default/';
} else {
    $themePATH = dirname(__FILE__) . '/members/' . $_COOKIE['user_name'] . '/theme/' . $_COOKIE['theme'] . '/';
}


NEVER EVER(!) use unsanitized user input for direct access to your filesystem. I'm sure some people find funny ways to screw with your system because of $_COOKIE['user_name'].

As for your actual question: I'm not sure how to solve the problem, really.
You could use template inheritance and specify the inheritance chain via php:

$smarty->display('extends:/your/master.tpl|'. $the_actual_template);
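Added example, not part of the thread and not Smarty's own code: one way to build the theme directory so that request data can only select a directory below members/, falling back to the default theme otherwise. The function names, the sample user `alice` and the idea of taking the user name from `$_SESSION['user_name']` are assumptions; the directory layout follows the code posted above.

```php
<?php
// Added example (not from the thread): pick a theme directory from request
// data without letting that data name arbitrary filesystem paths.

// A path segment must be a short name of letters, digits, '_' or '-'.
function safe_segment($value)
{
    return is_string($value) && preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $value) === 1;
}

// Returns the user's theme directory, or the default theme directory when the
// names are invalid or do not resolve to a directory below members/.
function resolve_theme_dir($baseDir, $userName, $theme)
{
    $default = $baseDir . '/resources/themes/default/';
    if ($theme === 'default' || !safe_segment($userName) || !safe_segment($theme)) {
        return $default;
    }
    $root = realpath($baseDir . '/members');
    $dir  = realpath($baseDir . '/members/' . $userName . '/theme/' . $theme);
    // realpath() resolves ".." and symlinks; the result must stay below members/.
    if ($root === false || $dir === false || !is_dir($dir)
        || strpos($dir, $root . DIRECTORY_SEPARATOR) !== 0) {
        return $default;
    }
    return $dir . '/';
}

// Constructed directory layout in a temp dir so the example runs offline.
$base = sys_get_temp_dir() . '/theme_demo_' . getmypid();
mkdir($base . '/resources/themes/default', 0700, true);
mkdir($base . '/members/alice/theme/dark', 0700, true);

// Constructed inputs: user name (from the session) and theme name (from the cookie).
$cases = array(
    array('alice', 'dark'),            // valid: resolves below members/alice/
    array('alice', 'default'),         // site default
    array('alice', '../../resources'), // rejected: not a plain name
    array('alice', 'missing'),         // plain name, but no such directory
    array(null, 'dark'),               // no logged-in user
);
foreach ($cases as $case) {
    list($user, $theme) = $case;
    printf("%-8s %-16s => %s\n", var_export($user, true), $theme, resolve_theme_dir($base, $user, $theme));
}
// In index.php (session key name is an assumption):
// $s->template_dir = resolve_theme_dir(dirname(__FILE__), $_SESSION['user_name'], $_COOKIE['theme']);
```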
s2xi
Smarty Rookie


Joined: 02 Mar 2011
Posts: 8

Posted: Wed Mar 02, 2011 9:31 am

globe wrote:
s2xi wrote:
Code:
// Cookie values are placed in the path exactly as the browser sent them.
if (isset($_COOKIE['theme']) && $_COOKIE['theme'] == 'default') {
    $themePATH = dirname(__FILE__) . '/resources/themes/default/';
} else {
    $themePATH = dirname(__FILE__) . '/members/' . $_COOKIE['user_name'] . '/theme/' . $_COOKIE['theme'] . '/';
}


NEVER EVER(!) use unsanitized user input for direct access to your filesystem. I'm sure some people find funny ways to screw with your system because of $_COOKIE['user_name'].

As for your actual question: I'm not sure how to solve the problem, really.
You could use template inheritance and specify the inheritance chain via php:

$smarty->display('extends:/your/master.tpl|'. $the_actual_template);


Heh, ya, I know what you are talking about. For the sake of keeping code short and to the point I used a quick access method to show you how the script will render its output.

Hmmm, wait, now I'm confused I think, because user data is sanitized and validated prior to login. The $_COOKIE and $_SESSION created are created after the fact and data pulled in from a database.... this is how it's done, right?

So if I can actually use a relative path in the extends then that solves my question!

How many child templates can I load in the $s->display('extends'); format?
rodneyrehm
Administrator


Joined: 30 Mar 2007
Posts: 674
Location: Germany, border to Switzerland

Posted: Wed Mar 02, 2011 9:38 am

s2xi wrote:
Hmmm, wait, now I'm confused I think, because user data is sanitized and validated prior to login. The $_COOKIE and $_SESSION created are created after the fact and data pulled in from a database.... this is how it's done, right?


$_COOKIE is populated with info from the browser upon every request. So no, sanitizing once does not help at all. $_SESSION is not mutable from outside your PHP script, so whatever you can pull out of it, you had to put it in there in the first place. Make sure to sanitize before you save to $_SESSION.

Sanitization means respecting the context switch. A string can behave differently if used as JavaScript, as a file path, as part of a SQL query, … - you need to sanitize for the destination use.

s2xi wrote:
So if I can actually use a relative path in the extends then that solves my question!


You are relative to the $template_dir you specified. But for security reasons you won't be able to escape it. So if you want to get to a higher level directory, you need to use an absolute path.

Also, if you allow your users to supply templates, make sure you read the Security Policy stuff really carefully.

s2xi wrote:
How many child templates can I load?


I don't know of any limit.

s2xi wrote:
I kept getting error because of the {popup} in the demo/index.tpl


Yeah, popup was dropped (finally), it should've been removed from the demo by now.
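Added example, not part of the thread: a Security Policy for rendering user-supplied themes that still allows the site's master template to be reached by absolute path. It assumes Smarty 3 is already loaded; the class name `User_Theme_Policy`, the variable `$siteResources` and the file name `master.tpl` are hypothetical, while the `Smarty_Security` properties and `enableSecurity()` are the ones described in the documentation linked in this thread.

```php
<?php
// Added example; assumes Smarty 3 is already loaded, so that the Smarty and
// Smarty_Security classes exist. User_Theme_Policy is a hypothetical name.
class User_Theme_Policy extends Smarty_Security
{
    public $php_functions = null;        // no PHP functions callable from templates
    public $php_modifiers = null;        // no PHP functions usable as modifiers
    public $static_classes = null;       // no access to static classes
    public $streams = null;              // no stream resources
    public $allow_constants = false;     // no PHP constants
    public $allow_super_globals = false; // no $smarty.cookies, $smarty.session, ...
}

$siteResources = dirname(__FILE__) . '/resources/';   // site-owned templates
$themePATH     = $siteResources . 'themes/default/';  // or a validated user theme directory

$s = new Smarty();
$s->template_dir = $themePATH; // template_dir is implicitly treated as secure

$policy = new User_Theme_Policy($s);
// Directories besides template_dir from which templates may be loaded, so the
// absolute path to the site's master template stays usable.
$policy->secure_dir = array($siteResources);
$s->enableSecurity($policy);

// master.tpl is a hypothetical file name; the chain syntax is the one from the thread.
$s->display('extends:' . $siteResources . 'master.tpl|index.tpl');
```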
s2xi
Smarty Rookie


Joined: 02 Mar 2011
Posts: 8

Posted: Wed Mar 02, 2011 10:04 am

Would you be kind and provide me with a link to the page where I can read up on Security Policies?

I'm on the Smarty.net site and can't find it or I'm just looking in the wrong places.
rodneyrehm
Administrator


Joined: 30 Mar 2007
Posts: 674
Location: Germany, border to Switzerland

Posted: Wed Mar 02, 2011 10:07 am

http://www.smarty.net/docs/en/advanced.features.tpl#advanced.features.security
http://www.smarty.net/docs/en/api.enable.security.tpl