Smarty Forum Index Smarty
The discussions here are for Smarty, a template engine for the PHP programming language.

default_modifiers in smarty 3

 
Post new topic   Reply to topic    Smarty Forum Index -> Feature Requests
View previous topic :: View next topic  
Author Message
smartybug
Smarty Rookie


Joined: 18 Jan 2010
Posts: 14

PostPosted: Mon Jan 18, 2010 4:13 am    Post subject: default_modifiers in smarty 3 Reply with quote

The $smarty->default_modifiers feature was removed from smarty 3 (but the docs make no mention of this.)

Now my application has a HUGE number of xss flaws. Is there are replacement for this feature? Or do I have to hack up $smarty->assign() clean all variables ?


Last edited by smartybug on Wed May 05, 2010 11:19 pm; edited 1 time in total
Back to top
View user's profile Send private message
gomo
Smarty n00b


Joined: 20 Jan 2010
Posts: 1

PostPosted: Wed Jan 20, 2010 3:30 am    Post subject: Reply with quote

Hi
You can use 'variablefilter'.

e.g.
Code:

$smarty->loadPlugin('smarty_modifier_escape');
$smarty->register_variablefilter('smarty_modifier_escape');//arg is php callable

'smarty:nodefaults' change to 'nofilter'.
Code:

{$foo nofilter}// no escape this variable.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Smarty Forum Index -> Feature Requests All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group
Protected by Anti-Spam ACP