|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
mcgee009 Smarty n00b
Joined: 28 Dec 2020 Posts: 3
|
Posted: Mon Dec 28, 2020 2:32 am Post subject: Smarty code in variable to execute? |
|
|
I am trying to build a CMS and have the content have smarty code and display like include at a certain spot how can this be done? |
|
Back to top |
|
bsmither Smarty Elite
Joined: 20 Dec 2011 Posts: 322 Location: West Coast
|
Posted: Mon Dec 28, 2020 8:27 pm Post subject: |
|
|
You are wanting to have a value destined for a Smarty variable to have Smarty code in it and have that code parsed by Smarty before assigning it to the variable.
Code: | $rendered_post_content = $Smarty']->fetch('string:' . $post_content);
$Smarty->assign('POST', $rendered_post_content); |
Note that all variables used in the post content need to already be known to Smarty. |
|
Back to top |
|
mcgee009 Smarty n00b
Joined: 28 Dec 2020 Posts: 3
|
Posted: Tue Dec 29, 2020 10:44 pm Post subject: Resolved |
|
|
Found away to do it with the help of knowing that $smarty-fetch('string'.$content); will work I can't share this knowledge due to it will be encoded later on for my CMS.
bsmither wrote: | You are wanting to have a value destined for a Smarty variable to have Smarty code in it and have that code parsed by Smarty before assigning it to the variable.
Code: | $rendered_post_content = $Smarty']->fetch('string:' . $post_content);
$Smarty->assign('POST', $rendered_post_content); |
Note that all variables used in the post content need to already be known to Smarty. |
|
|
Back to top |
|
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
|
Posted: Wed Dec 30, 2020 10:01 pm Post subject: |
|
|
Make sure the code run this way is not coming from user input.
Quote: | I can't share this knowledge due |
Thanks, I laughed. |
|
Back to top |
|
mcgee009 Smarty n00b
Joined: 28 Dec 2020 Posts: 3
|
Posted: Thu Dec 31, 2020 2:16 am Post subject: |
|
|
AnrDaemon wrote: | Make sure the code run this way is not coming from user input.
Quote: | I can't share this knowledge due |
Thanks, I laughed. |
Actually this is coming from the back end with custom page function and I actually want them to be able to include templates and what not so they don't have to go edit a template each time and it will only work for custom pages. Everything else will require them to edit a template. |
|
Back to top |
|
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
|
Posted: Sun Jan 10, 2021 6:32 am Post subject: |
|
|
Again, if users can edit a template, they can insert literally anything into it. Any PHP code with very few restrictions.
Do not allow template editing, if you can avoid it. If you can not - use SmartySecurity class, but it is still not very good idea. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|