2004-04-13 11:47:32 +00:00
|
|
|
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
|
|
|
<!-- $Revision$ -->
|
|
|
|
|
<sect1 id="variable.security">
|
|
|
|
|
<title>$security</title>
|
|
|
|
|
<para>
|
2006-09-27 06:28:21 +00:00
|
|
|
<parameter>$security</parameter> can be &true; or &false;,
|
|
|
|
|
defaults to &false;. Security is good for
|
2004-04-13 11:47:32 +00:00
|
|
|
situations when you have untrusted parties editing the templates
|
2006-09-27 06:28:21 +00:00
|
|
|
eg via ftp, and you want to reduce the risk of system
|
2004-04-13 11:47:32 +00:00
|
|
|
security compromises through the template language. Turning on
|
|
|
|
|
security enforces the following rules to the template language,
|
2006-09-27 06:28:21 +00:00
|
|
|
unless specifially overridden with <link linkend="variable.security.settings">
|
|
|
|
|
<parameter>$security_settings</parameter></link>:
|
2004-04-13 11:47:32 +00:00
|
|
|
</para>
|
|
|
|
|
<itemizedlist>
|
2005-05-23 15:43:01 +00:00
|
|
|
<listitem>
|
2006-09-27 06:28:21 +00:00
|
|
|
<para>If <link linkend="variable.php.handling"><parameter>$php_handling</parameter></link>
|
|
|
|
|
is set to <constant>SMARTY_PHP_ALLOW</constant>, this is
|
|
|
|
|
implicitly changed to <constant>SMARTY_PHP_PASSTHRU</constant>
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
<listitem>
|
|
|
|
|
<para>
|
|
|
|
|
PHP functions are not allowed in <link
|
2006-09-27 06:28:21 +00:00
|
|
|
linkend="language.function.if"><varname>{if}</varname></link> statements,
|
2005-05-23 15:43:01 +00:00
|
|
|
except those specified in the
|
2006-09-27 06:28:21 +00:00
|
|
|
<link linkend="variable.security.settings"><parameter>$security_settings</parameter></link>
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
<listitem><para>
|
2006-09-27 06:28:21 +00:00
|
|
|
Templates can only be included from directories
|
2005-05-23 15:43:01 +00:00
|
|
|
listed in the
|
2006-09-27 06:28:21 +00:00
|
|
|
<link linkend="variable.secure.dir"><parameter>$secure_dir</parameter></link> array
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
<listitem><para>
|
2006-09-27 06:28:21 +00:00
|
|
|
Local files can only be fetched from directories listed in the
|
|
|
|
|
<link linkend="variable.secure.dir"><parameter>$secure_dir</parameter></link>
|
|
|
|
|
array using <link linkend="language.function.fetch"><varname>{fetch}</varname></link>
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
<listitem><para>
|
2006-09-27 06:28:21 +00:00
|
|
|
<link linkend="language.function.php"><varname>{php}{/php}</varname></link> tags are not allowed
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
|
|
|
|
<listitem><para>
|
|
|
|
|
PHP functions are not allowed as modifiers, except those specified in the
|
2006-09-27 06:28:21 +00:00
|
|
|
<link linkend="variable.security.settings"><parameter>$security_settings</parameter></link>
|
2005-05-23 15:43:01 +00:00
|
|
|
</para></listitem>
|
2004-04-13 11:47:32 +00:00
|
|
|
</itemizedlist>
|
|
|
|
|
</sect1>
|
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
|
|
|
Local variables:
|
|
|
|
|
mode: sgml
|
|
|
|
|
sgml-omittag:t
|
|
|
|
|
sgml-shorttag:t
|
|
|
|
|
sgml-minimize-attributes:nil
|
|
|
|
|
sgml-always-quote-attributes:t
|
|
|
|
|
sgml-indent-step:1
|
|
|
|
|
sgml-indent-data:t
|
|
|
|
|
indent-tabs-mode:nil
|
|
|
|
|
sgml-parent-document:nil
|
|
|
|
|
sgml-default-dtd-file:"../../../../manual.ced"
|
|
|
|
|
sgml-exposed-tags:nil
|
|
|
|
|
sgml-local-catalogs:nil
|
|
|
|
|
sgml-local-ecat-files:nil
|
|
|
|
|
End:
|
|
|
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
|
|
|
vim: et tw=78 syn=sgml
|
|
|
|
|
vi: ts=1 sw=1
|
|
|
|
|
-->
|
