Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class.

2025-07-29 15:37:14 +02:00 · 2022-09-27 12:21:01 +02:00
parent 1b556c7077
commit 254b5cabee
13 changed files with 8 additions and 226 deletions
--- a/docs/programmers/advanced-features/advanced-features-security.md
+++ b/docs/programmers/advanced-features/advanced-features-security.md
@ -8,22 +8,6 @@ security compromises through the template language.
 The settings of the security policy are defined by properties of an
 instance of the Smarty\_Security class. These are the possible settings:

-   `$php_handling` determines how Smarty to handle PHP code embedded in
-    templates. Possible values are:
-
-    -   Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
-
-    -   Smarty::PHP\_QUOTE -\> escape tags as entities
-
-    -   Smarty::PHP\_REMOVE -\> remove php tags
-
-    -   Smarty::PHP\_ALLOW -\> execute php tags
-
-    The default value is Smarty::PHP\_PASSTHRU.
-
-    If security is enabled the [`$php_handling`](#variable.php.handling)
-    setting of the Smarty object is not checked for security.
-
 -   `$secure_dir` is an array of template directories that are
    considered secure. [`$template_dir`](#variable.template.dir)
    concidered secure implicitly. The default is an empty array.
@ -31,7 +15,7 @@ instance of the Smarty\_Security class. These are the possible settings:
 -   `$trusted_dir` is an array of all directories that are considered
    trusted. Trusted directories are where you keep php scripts that are
    executed directly from the templates with
-    [`{include_php}`](#language.function.include.php). The default is an
+    [`{insert}`](#language.function.insert.php). The default is an
    empty array.

 -   `$trusted_uri` is an array of regular expressions matching URIs that
@ -110,12 +94,8 @@ instance of the Smarty\_Security class. These are the possible settings:
    super globals can be accessed by the template. The default is
    \"true\".

-   `$allow_php_tag` is a boolean flag which controls if {php} and
-    {include\_php} tags can be used by the template. The default is
-    \"false\".
-
 If security is enabled, no private methods, functions or properties of
-static classes or assigned objects can be accessed (beginningwith
+static classes or assigned objects can be accessed (beginning with
 \'\_\') by the template.

 To customize the security policy settings you can extend the
@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
    class My_Security_Policy extends Smarty_Security {
      // disable all PHP functions
      public $php_functions = null;
-      // remove PHP tags
-      public $php_handling = Smarty::PHP_REMOVE;
      // allow everthing as modifier
      public $php_modifiers = array();
    }
@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
    $my_security_policy = new Smarty_Security($smarty);
    // disable all PHP functions
    $my_security_policy->php_functions = null;
-    // remove PHP tags
-    $my_security_policy->php_handling = Smarty::PHP_REMOVE;
    // allow everthing as modifier
    $my_security_policy->php_modifiers = array();
    // enable security
--- a/docs/programmers/api-variables.md
+++ b/docs/programmers/api-variables.md
@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
 - [$left_delimiter](./api-variables/variable-left-delimiter.md)
 - [$locking_timeout](./api-variables/variable-locking-timeout.md)
 - [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
- [$php_handling](./api-variables/variable-php-handling.md)
 - [$plugins_dir](./api-variables/variable-plugins-dir.md)
 - [$right_delimiter](./api-variables/variable-right-delimiter.md)
 - [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)
--- a/docs/programmers/api-variables/variable-php-handling.md
+++ b/docs/programmers/api-variables/variable-php-handling.md
@ -1,21 +0,0 @@
-\$php\_handling {#variable.php.handling}
-===============
-
-This tells Smarty how to handle PHP code embedded in the templates.
-There are four possible settings, the default being
-`Smarty::PHP_PASSTHRU`. Note that this does NOT affect php code within
-[`{php}{/php}`](#language.function.php) tags in the template.
-
-   `Smarty::PHP_PASSTHRU` - Smarty echos tags as-is.
-
-   `Smarty::PHP_QUOTE` - Smarty quotes the tags as html entities.
-
-   `Smarty::PHP_REMOVE` - Smarty removes the tags from the templates.
-
-   `Smarty::PHP_ALLOW` - Smarty will execute the tags as PHP code.
-
-> **Note**
->
-> Embedding PHP code into templates is highly discouraged. Use [custom
-> functions](#plugins.functions) or [modifiers](#plugins.modifiers)
-> instead.
--- a/docs/programmers/api-variables/variable-trusted-dir.md
+++ b/docs/programmers/api-variables/variable-trusted-dir.md
@ -5,4 +5,4 @@
 array of all directories that are considered trusted. Trusted
 directories are where you keep php scripts that are executed directly
 from the templates with
-[`{include_php}`](#language.function.include.php).
+[`{insert}`](#language.function.insert.php).
--- a/docs/programmers/smarty-constants.md
+++ b/docs/programmers/smarty-constants.md
@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path

         

-See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and
-[`$php_handling constants`](./api-variables/variable-php-handling.md)
+See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).