|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
basvb Smarty n00b
Joined: 24 May 2006 Posts: 2
|
Posted: Wed May 24, 2006 2:21 pm Post subject: limiting smarty power ( {php}, {include}, etc) |
|
|
Hi,
It would be nice to be able to limit the power template designers have.
The possibility of including raw PHP code from for instance {php} directives is not always something I would like to keep enabled...
Is there or could there be a directive to disable this "backdoor" connection between underlying business logic and content viewing template logic?
Maybe even extend it with the possibility to disable certain other Smarty functions:
$smarty = new Smarty;
$smarty->disable_function('php');
$smarty->disable_function('include');
// fill array with available smarty functions for this instance of the Smarty class
$functions_array = $smarty->list_available_functions();
etc.
Bas |
|
Back to top |
|
mohrt Administrator
Joined: 16 Apr 2003 Posts: 7368 Location: Lincoln Nebraska, USA
|
|
Back to top |
|
basvb Smarty n00b
Joined: 24 May 2006 Posts: 2
|
Posted: Wed May 24, 2006 4:11 pm Post subject: |
|
|
ah thanks... didn't see that one...
maybe the docs should include references to security on pages explaining {php} and other unsafe methods... |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|