diff --git a/docs/appendixes/tips.md b/docs/appendixes/tips.md
index b0ea40cc..cdcc56b1 100644
--- a/docs/appendixes/tips.md
+++ b/docs/appendixes/tips.md
@@ -188,67 +188,6 @@ See also [`{html_select_date}`](#language.function.html.select.date),
[`date_format`](#language.modifier.date.format) and
[`$smarty.now`](#language.variables.smarty.now),
-WAP/WML {#tips.wap}
-=======
-
-WAP/WML templates require a php [Content-Type
-header](&url.php-manual;header) to be passed along with the template.
-The easist way to do this would be to write a custom function that
-prints the header. If you are using [caching](#caching), that won\'t
-work so we\'ll do it using the [`{insert}`](#language.function.insert)
-tag; remember `{insert}` tags are not cached! Be sure that there is
-nothing output to the browser before the template, or else the header
-may fail.
-
-
-
-
-
-
-your Smarty template *must* begin with the insert tag :
-
-
- {insert name=header content="Content-Type: text/vnd.wap.wml"}
-
-
-
-
-
-
-
-
-
-
-
-
- Welcome to WAP with Smarty!
- Press OK to continue...
-
-
-
-
-
- Pretty easy isn't it?
-
-
-
-
-
-
Componentized Templates {#tips.componentized.templates}
=======================
@@ -259,7 +198,7 @@ Smarty object, [`assign()`](#api.assign) the variables and
[`display()`](#api.display) the template. So lets say for example we
have a stock ticker on our template. We would collect the stock data in
our application, then assign these variables in the template and display
-it. Now wouldn\'t it be nice if you could add this stock ticker to any
+it. Now wouldn't it be nice if you could add this stock ticker to any
application by merely including the template, and not worry about
fetching the data up front?
@@ -301,9 +240,7 @@ assigning it to a template variable.
-See also [`{include_php}`](#language.function.include.php),
-[`{include}`](#language.function.include) and
-[`{php}`](#language.function.php).
+See also: [`{include}`](#language.function.include).
Obfuscating E-mail Addresses {#tips.obfuscating.email}
============================
diff --git a/docs/designers/language-basic-syntax/language-syntax-attributes.md b/docs/designers/language-basic-syntax/language-syntax-attributes.md
index 0fa7c773..417ac972 100644
--- a/docs/designers/language-basic-syntax/language-syntax-attributes.md
+++ b/docs/designers/language-basic-syntax/language-syntax-attributes.md
@@ -3,7 +3,7 @@ Attributes {#language.syntax.attributes}
Most of the [functions](#language.syntax.functions) take attributes that
specify or modify their behavior. Attributes to Smarty functions are
-much like HTML attributes. Static values don\'t have to be enclosed in
+much like HTML attributes. Static values don't have to be enclosed in
quotes, but it is required for literal strings. Variables with or
without modifiers may also be used, and should not be in quotes. You can
even use PHP function results, plugin results and complex expressions.
diff --git a/docs/designers/language-builtin-functions.md b/docs/designers/language-builtin-functions.md
index 6c0879d6..fa615555 100644
--- a/docs/designers/language-builtin-functions.md
+++ b/docs/designers/language-builtin-functions.md
@@ -16,7 +16,6 @@ Built-in Functions {#language.builtin.functions}
- [{function}](./language-builtin-functions/language-function-function.md)
- [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md)
- [{include}](./language-builtin-functions/language-function-include.md)
-- [{include_php}](./language-builtin-functions/language-function-include.php)
- [{insert}](./language-builtin-functions/language-function-insert.md)
- [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md)
- [{literal}](./language-builtin-functions/language-function-literal.md)
diff --git a/docs/designers/language-builtin-functions/language-function-assign.md b/docs/designers/language-builtin-functions/language-function-assign.md
index 3d3615bf..e4d50d30 100644
--- a/docs/designers/language-builtin-functions/language-function-assign.md
+++ b/docs/designers/language-builtin-functions/language-function-assign.md
@@ -135,7 +135,6 @@ The following functions can also *optionally* assign template variables.
[`{capture}`](#language.function.capture),
[`{include}`](#language.function.include),
-[`{include_php}`](#language.function.include.php),
[`{insert}`](#language.function.insert),
[`{counter}`](#language.function.counter),
[`{cycle}`](#language.function.cycle),
diff --git a/docs/designers/language-builtin-functions/language-function-include-php.md b/docs/designers/language-builtin-functions/language-function-include-php.md
deleted file mode 100644
index 8fc074a2..00000000
--- a/docs/designers/language-builtin-functions/language-function-include-php.md
+++ /dev/null
@@ -1,74 +0,0 @@
-{include\_php} {#language.function.include.php}
-==============
-
-> **Note**
->
-> `{include_php}` is deprecated from Smarty, use registered plugins to
-> properly insulate presentation from the application code. As of Smarty
-> 3.1 the `{include_php}` tags are only available from [SmartyBC](#bc).
-
- Attribute Name Type Required Default Description
- ---------------- --------- ---------- --------- ----------------------------------------------------------------------------------
- file string Yes *n/a* The name of the php file to include as absolute path
- once boolean No *TRUE* whether or not to include the php file more than once if included multiple times
- assign string No *n/a* The name of the variable that the output of include\_php will be assigned to
-
-**Option Flags:**
-
- Name Description
- --------- ----------------------------------------
- nocache Disables caching of inluded PHP script
-
-`{include_php}` tags are used to include a php script in your template.
-The path of the attribute `file` can be either absolute, or relative to
-[`$trusted_dir`](#variable.trusted.dir). If security is enabled, then
-the script must be located in the `$trusted_dir` path of the securty
-policy. See the [Security](#advanced.features.security) section for
-details.
-
-By default, php files are only included once even if called multiple
-times in the template. You can specify that it should be included every
-time with the `once` attribute. Setting once to FALSE will include the
-php script each time it is included in the template.
-
-You can optionally pass the `assign` attribute, which will specify a
-template variable name that the output of `{include_php}` will be
-assigned to instead of displayed.
-
-The smarty object is available as `$_smarty_tpl->smarty` within the PHP
-script that you include.
-
-The `load_nav.php` file:
-
-
- query('select url, name from navigation order by name');
- $this->assign('navigation', $db->getRows());
-
- ?>
-
-
-
-where the template is:
-
-
- {* absolute path, or relative to $trusted_dir *}
- {include_php file='/path/to/load_nav.php'}
- {include_php '/path/to/load_nav.php'} {* short-hand *}
-
- {foreach item='nav' from=$navigation}
- {$nav.name}
- {/foreach}
-
-
-
-See also [`{include}`](#language.function.include),
-[`$trusted_dir`](#variable.trusted.dir),
-[`{php}`](#language.function.php),
-[`{capture}`](#language.function.capture), [template
-resources](#resources) and [componentized
-templates](#tips.componentized.templates)
diff --git a/docs/designers/language-builtin-functions/language-function-include.md b/docs/designers/language-builtin-functions/language-function-include.md
index 956d893e..512f14a3 100644
--- a/docs/designers/language-builtin-functions/language-function-include.md
+++ b/docs/designers/language-builtin-functions/language-function-include.md
@@ -188,7 +188,5 @@ current template.
-See also [`{include_php}`](#language.function.include.php),
-[`{insert}`](#language.function.insert),
-[`{php}`](#language.function.php), [template resources](#resources) and
+See also [`{insert}`](#language.function.insert), [template resources](#resources) and
[componentized templates](#tips.componentized.templates).
diff --git a/docs/programmers/advanced-features/advanced-features-security.md b/docs/programmers/advanced-features/advanced-features-security.md
index 98817a43..15755b42 100644
--- a/docs/programmers/advanced-features/advanced-features-security.md
+++ b/docs/programmers/advanced-features/advanced-features-security.md
@@ -8,22 +8,6 @@ security compromises through the template language.
The settings of the security policy are defined by properties of an
instance of the Smarty\_Security class. These are the possible settings:
-- `$php_handling` determines how Smarty to handle PHP code embedded in
- templates. Possible values are:
-
- - Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
-
- - Smarty::PHP\_QUOTE -\> escape tags as entities
-
- - Smarty::PHP\_REMOVE -\> remove php tags
-
- - Smarty::PHP\_ALLOW -\> execute php tags
-
- The default value is Smarty::PHP\_PASSTHRU.
-
- If security is enabled the [`$php_handling`](#variable.php.handling)
- setting of the Smarty object is not checked for security.
-
- `$secure_dir` is an array of template directories that are
considered secure. [`$template_dir`](#variable.template.dir)
concidered secure implicitly. The default is an empty array.
@@ -31,7 +15,7 @@ instance of the Smarty\_Security class. These are the possible settings:
- `$trusted_dir` is an array of all directories that are considered
trusted. Trusted directories are where you keep php scripts that are
executed directly from the templates with
- [`{include_php}`](#language.function.include.php). The default is an
+ [`{insert}`](#language.function.insert.php). The default is an
empty array.
- `$trusted_uri` is an array of regular expressions matching URIs that
@@ -110,12 +94,8 @@ instance of the Smarty\_Security class. These are the possible settings:
super globals can be accessed by the template. The default is
\"true\".
-- `$allow_php_tag` is a boolean flag which controls if {php} and
- {include\_php} tags can be used by the template. The default is
- \"false\".
-
If security is enabled, no private methods, functions or properties of
-static classes or assigned objects can be accessed (beginningwith
+static classes or assigned objects can be accessed (beginning with
\'\_\') by the template.
To customize the security policy settings you can extend the
@@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
class My_Security_Policy extends Smarty_Security {
// disable all PHP functions
public $php_functions = null;
- // remove PHP tags
- public $php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier
public $php_modifiers = array();
}
@@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
$my_security_policy = new Smarty_Security($smarty);
// disable all PHP functions
$my_security_policy->php_functions = null;
- // remove PHP tags
- $my_security_policy->php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier
$my_security_policy->php_modifiers = array();
// enable security
diff --git a/docs/programmers/api-variables.md b/docs/programmers/api-variables.md
index 2fcf6e21..ee9c0761 100644
--- a/docs/programmers/api-variables.md
+++ b/docs/programmers/api-variables.md
@@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
- [$left_delimiter](./api-variables/variable-left-delimiter.md)
- [$locking_timeout](./api-variables/variable-locking-timeout.md)
- [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
-- [$php_handling](./api-variables/variable-php-handling.md)
- [$plugins_dir](./api-variables/variable-plugins-dir.md)
- [$right_delimiter](./api-variables/variable-right-delimiter.md)
- [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)
diff --git a/docs/programmers/api-variables/variable-php-handling.md b/docs/programmers/api-variables/variable-php-handling.md
deleted file mode 100644
index 574ea6d5..00000000
--- a/docs/programmers/api-variables/variable-php-handling.md
+++ /dev/null
@@ -1,21 +0,0 @@
-\$php\_handling {#variable.php.handling}
-===============
-
-This tells Smarty how to handle PHP code embedded in the templates.
-There are four possible settings, the default being
-`Smarty::PHP_PASSTHRU`. Note that this does NOT affect php code within
-[`{php}{/php}`](#language.function.php) tags in the template.
-
-- `Smarty::PHP_PASSTHRU` - Smarty echos tags as-is.
-
-- `Smarty::PHP_QUOTE` - Smarty quotes the tags as html entities.
-
-- `Smarty::PHP_REMOVE` - Smarty removes the tags from the templates.
-
-- `Smarty::PHP_ALLOW` - Smarty will execute the tags as PHP code.
-
-> **Note**
->
-> Embedding PHP code into templates is highly discouraged. Use [custom
-> functions](#plugins.functions) or [modifiers](#plugins.modifiers)
-> instead.
diff --git a/docs/programmers/api-variables/variable-trusted-dir.md b/docs/programmers/api-variables/variable-trusted-dir.md
index 3d1a308f..9720ae8a 100644
--- a/docs/programmers/api-variables/variable-trusted-dir.md
+++ b/docs/programmers/api-variables/variable-trusted-dir.md
@@ -5,4 +5,4 @@
array of all directories that are considered trusted. Trusted
directories are where you keep php scripts that are executed directly
from the templates with
-[`{include_php}`](#language.function.include.php).
+[`{insert}`](#language.function.insert.php).
diff --git a/docs/programmers/smarty-constants.md b/docs/programmers/smarty-constants.md
index 042ea5e3..de04e1b5 100644
--- a/docs/programmers/smarty-constants.md
+++ b/docs/programmers/smarty-constants.md
@@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path
-See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and
-[`$php_handling constants`](./api-variables/variable-php-handling.md)
+See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).
diff --git a/lexer/smarty_internal_templatelexer.plex b/lexer/smarty_internal_templatelexer.plex
index 67c840d7..2cd46df9 100644
--- a/lexer/smarty_internal_templatelexer.plex
+++ b/lexer/smarty_internal_templatelexer.plex
@@ -161,7 +161,6 @@ class Smarty_Internal_Templatelexer
'COMMENT' => 'comment',
'AS' => 'as',
'TO' => 'to',
- 'PHP' => '" '"<", "==" ... logical operator',
'TLOGOP' => '"lt", "eq" ... logical operator; "is div by" ... if condition',
'SCOND' => '"is even" ... if condition',
diff --git a/libs/sysplugins/smarty_security.php b/libs/sysplugins/smarty_security.php
index 42c2a766..974c6352 100644
--- a/libs/sysplugins/smarty_security.php
+++ b/libs/sysplugins/smarty_security.php
@@ -555,35 +555,6 @@ class Smarty_Security
throw new SmartyException("URI '{$uri}' not allowed by security setting");
}
- /**
- * Check if directory of file resource is trusted.
- *
- * @param string $filepath
- *
- * @return boolean true if directory is trusted
- * @throws SmartyException if PHP directory is not trusted
- */
- public function isTrustedPHPDir($filepath)
- {
- if (empty($this->trusted_dir)) {
- throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
- }
- // check if index is outdated
- if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
- $this->_php_resource_dir = array();
- $this->_trusted_dir = $this->trusted_dir;
- foreach ((array)$this->trusted_dir as $directory) {
- $directory = $this->smarty->_realpath($directory . '/', true);
- $this->_php_resource_dir[ $directory ] = true;
- }
- }
- $addPath = $this->_checkDir($filepath, $this->_php_resource_dir);
- if ($addPath !== false) {
- $this->_php_resource_dir = array_merge($this->_php_resource_dir, $addPath);
- }
- return true;
- }
-
/**
* Remove old directories and its sub folders, add new directories
*