smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-07-29 23:47:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class.

Browse Source
This commit is contained in:
Simon Wisselink
2022-09-27 12:21:01 +02:00
parent 1b556c7077
commit 254b5cabee
13 changed files with 8 additions and 226 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
docs/appendixes/tips.md
View File

@ -188,67 +188,6 @@ See also [`{html_select_date}`](#language.function.html.select.date),
[`date_format`](#language.modifier.date.format) and [`date_format`](#language.modifier.date.format) and
[`$smarty.now`](#language.variables.smarty.now), [`$smarty.now`](#language.variables.smarty.now),
WAP/WML {#tips.wap}
=======
WAP/WML templates require a php [Content-Type
header](&url.php-manual;header) to be passed along with the template.
The easist way to do this would be to write a custom function that
prints the header. If you are using [caching](#caching), that won\'t
work so we\'ll do it using the [`{insert}`](#language.function.insert)
tag; remember `{insert}` tags are not cached! Be sure that there is
nothing output to the browser before the template, or else the header
may fail.
<?php
// be sure apache is configure for the .wml extensions!
// put this function somewhere in your application, or in Smarty.addons.php
function insert_header($params)
{
// this function expects $content argument
if (empty($params['content'])) {
return;
}
header($params['content']);
return;
}
?>
your Smarty template *must* begin with the insert tag :
{insert name=header content="Content-Type: text/vnd.wap.wml"}
<?xml version="1.0"?>
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
<!-- begin new wml deck -->
<wml>
<!-- begin first card -->
<card>
<do type="accept">
<go href="#two"/>
</do>
<p>
Welcome to WAP with Smarty!
Press OK to continue...
</p>
</card>
<!-- begin second card -->
<card id="two">
<p>
Pretty easy isn't it?
</p>
</card>
</wml>
Componentized Templates {#tips.componentized.templates} Componentized Templates {#tips.componentized.templates}
======================= =======================
@ -259,7 +198,7 @@ Smarty object, [`assign()`](#api.assign) the variables and
[`display()`](#api.display) the template. So lets say for example we [`display()`](#api.display) the template. So lets say for example we
have a stock ticker on our template. We would collect the stock data in have a stock ticker on our template. We would collect the stock data in
our application, then assign these variables in the template and display our application, then assign these variables in the template and display
it. Now wouldn\'t it be nice if you could add this stock ticker to any it. Now wouldn't it be nice if you could add this stock ticker to any
application by merely including the template, and not worry about application by merely including the template, and not worry about
fetching the data up front? fetching the data up front?
@ -301,9 +240,7 @@ assigning it to a template variable.
See also [`{include_php}`](#language.function.include.php), See also: [`{include}`](#language.function.include).
[`{include}`](#language.function.include) and
[`{php}`](#language.function.php).
Obfuscating E-mail Addresses {#tips.obfuscating.email} Obfuscating E-mail Addresses {#tips.obfuscating.email}
============================ ============================

2
docs/designers/language-basic-syntax/language-syntax-attributes.md
View File

@ -3,7 +3,7 @@ Attributes {#language.syntax.attributes}
Most of the [functions](#language.syntax.functions) take attributes that Most of the [functions](#language.syntax.functions) take attributes that
specify or modify their behavior. Attributes to Smarty functions are specify or modify their behavior. Attributes to Smarty functions are
much like HTML attributes. Static values don\'t have to be enclosed in much like HTML attributes. Static values don't have to be enclosed in
quotes, but it is required for literal strings. Variables with or quotes, but it is required for literal strings. Variables with or
without modifiers may also be used, and should not be in quotes. You can without modifiers may also be used, and should not be in quotes. You can
even use PHP function results, plugin results and complex expressions. even use PHP function results, plugin results and complex expressions.

1
docs/designers/language-builtin-functions.md
View File

@ -16,7 +16,6 @@ Built-in Functions {#language.builtin.functions}
- [{function}](./language-builtin-functions/language-function-function.md) - [{function}](./language-builtin-functions/language-function-function.md)
- [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md) - [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md)
- [{include}](./language-builtin-functions/language-function-include.md) - [{include}](./language-builtin-functions/language-function-include.md)
- [{include_php}](./language-builtin-functions/language-function-include.php)
- [{insert}](./language-builtin-functions/language-function-insert.md) - [{insert}](./language-builtin-functions/language-function-insert.md)
- [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md) - [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md)
- [{literal}](./language-builtin-functions/language-function-literal.md) - [{literal}](./language-builtin-functions/language-function-literal.md)

1
docs/designers/language-builtin-functions/language-function-assign.md
View File

@ -135,7 +135,6 @@ The following functions can also *optionally* assign template variables.
[`{capture}`](#language.function.capture), [`{capture}`](#language.function.capture),
[`{include}`](#language.function.include), [`{include}`](#language.function.include),
[`{include_php}`](#language.function.include.php),
[`{insert}`](#language.function.insert), [`{insert}`](#language.function.insert),
[`{counter}`](#language.function.counter), [`{counter}`](#language.function.counter),
[`{cycle}`](#language.function.cycle), [`{cycle}`](#language.function.cycle),

74
docs/designers/language-builtin-functions/language-function-include-php.md
View File

@ -1,74 +0,0 @@
{include\_php} {#language.function.include.php}
==============
> **Note**
>
> `{include_php}` is deprecated from Smarty, use registered plugins to
> properly insulate presentation from the application code. As of Smarty
> 3.1 the `{include_php}` tags are only available from [SmartyBC](#bc).
Attribute Name Type Required Default Description
---------------- --------- ---------- --------- ----------------------------------------------------------------------------------
file string Yes *n/a* The name of the php file to include as absolute path
once boolean No *TRUE* whether or not to include the php file more than once if included multiple times
assign string No *n/a* The name of the variable that the output of include\_php will be assigned to
**Option Flags:**
Name Description
--------- ----------------------------------------
nocache Disables caching of inluded PHP script
`{include_php}` tags are used to include a php script in your template.
The path of the attribute `file` can be either absolute, or relative to
[`$trusted_dir`](#variable.trusted.dir). If security is enabled, then
the script must be located in the `$trusted_dir` path of the securty
policy. See the [Security](#advanced.features.security) section for
details.
By default, php files are only included once even if called multiple
times in the template. You can specify that it should be included every
time with the `once` attribute. Setting once to FALSE will include the
php script each time it is included in the template.
You can optionally pass the `assign` attribute, which will specify a
template variable name that the output of `{include_php}` will be
assigned to instead of displayed.
The smarty object is available as `$_smarty_tpl->smarty` within the PHP
script that you include.
The `load_nav.php` file:
<?php
// load in variables from a mysql db and assign them to the template
require_once('database.class.php');
$db = new Db();
$db->query('select url, name from navigation order by name');
$this->assign('navigation', $db->getRows());
?>
where the template is:
{* absolute path, or relative to $trusted_dir *}
{include_php file='/path/to/load_nav.php'}
{include_php '/path/to/load_nav.php'} {* short-hand *}
{foreach item='nav' from=$navigation}
<a href="{$nav.url}">{$nav.name}</a><br />
{/foreach}
See also [`{include}`](#language.function.include),
[`$trusted_dir`](#variable.trusted.dir),
[`{php}`](#language.function.php),
[`{capture}`](#language.function.capture), [template
resources](#resources) and [componentized
templates](#tips.componentized.templates)

4
docs/designers/language-builtin-functions/language-function-include.md
View File

@ -188,7 +188,5 @@ current template.
See also [`{include_php}`](#language.function.include.php), See also [`{insert}`](#language.function.insert), [template resources](#resources) and
[`{insert}`](#language.function.insert),
[`{php}`](#language.function.php), [template resources](#resources) and
[componentized templates](#tips.componentized.templates). [componentized templates](#tips.componentized.templates).

28
docs/programmers/advanced-features/advanced-features-security.md
View File

@ -8,22 +8,6 @@ security compromises through the template language.
The settings of the security policy are defined by properties of an The settings of the security policy are defined by properties of an
instance of the Smarty\_Security class. These are the possible settings: instance of the Smarty\_Security class. These are the possible settings:
- `$php_handling` determines how Smarty to handle PHP code embedded in
templates. Possible values are:
- Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
- Smarty::PHP\_QUOTE -\> escape tags as entities
- Smarty::PHP\_REMOVE -\> remove php tags
- Smarty::PHP\_ALLOW -\> execute php tags
The default value is Smarty::PHP\_PASSTHRU.
If security is enabled the [`$php_handling`](#variable.php.handling)
setting of the Smarty object is not checked for security.
- `$secure_dir` is an array of template directories that are - `$secure_dir` is an array of template directories that are
considered secure. [`$template_dir`](#variable.template.dir) considered secure. [`$template_dir`](#variable.template.dir)
concidered secure implicitly. The default is an empty array. concidered secure implicitly. The default is an empty array.
@ -31,7 +15,7 @@ instance of the Smarty\_Security class. These are the possible settings:
- `$trusted_dir` is an array of all directories that are considered - `$trusted_dir` is an array of all directories that are considered
trusted. Trusted directories are where you keep php scripts that are trusted. Trusted directories are where you keep php scripts that are
executed directly from the templates with executed directly from the templates with
[`{include_php}`](#language.function.include.php). The default is an [`{insert}`](#language.function.insert.php). The default is an
empty array. empty array.
- `$trusted_uri` is an array of regular expressions matching URIs that - `$trusted_uri` is an array of regular expressions matching URIs that
@ -110,12 +94,8 @@ instance of the Smarty\_Security class. These are the possible settings:
super globals can be accessed by the template. The default is super globals can be accessed by the template. The default is
\"true\". \"true\".
- `$allow_php_tag` is a boolean flag which controls if {php} and
{include\_php} tags can be used by the template. The default is
\"false\".
If security is enabled, no private methods, functions or properties of If security is enabled, no private methods, functions or properties of
static classes or assigned objects can be accessed (beginningwith static classes or assigned objects can be accessed (beginning with
\'\_\') by the template. \'\_\') by the template.
To customize the security policy settings you can extend the To customize the security policy settings you can extend the
@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
class My_Security_Policy extends Smarty_Security { class My_Security_Policy extends Smarty_Security {
// disable all PHP functions // disable all PHP functions
public $php_functions = null; public $php_functions = null;
// remove PHP tags
public $php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier // allow everthing as modifier
public $php_modifiers = array(); public $php_modifiers = array();
} }
@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
$my_security_policy = new Smarty_Security($smarty); $my_security_policy = new Smarty_Security($smarty);
// disable all PHP functions // disable all PHP functions
$my_security_policy->php_functions = null; $my_security_policy->php_functions = null;
// remove PHP tags
$my_security_policy->php_handling = Smarty::PHP_REMOVE;
// allow everthing as modifier // allow everthing as modifier
$my_security_policy->php_modifiers = array(); $my_security_policy->php_modifiers = array();
// enable security // enable security

1
docs/programmers/api-variables.md
View File

@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
- [$left_delimiter](./api-variables/variable-left-delimiter.md) - [$left_delimiter](./api-variables/variable-left-delimiter.md)
- [$locking_timeout](./api-variables/variable-locking-timeout.md) - [$locking_timeout](./api-variables/variable-locking-timeout.md)
- [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md) - [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
- [$php_handling](./api-variables/variable-php-handling.md)
- [$plugins_dir](./api-variables/variable-plugins-dir.md) - [$plugins_dir](./api-variables/variable-plugins-dir.md)
- [$right_delimiter](./api-variables/variable-right-delimiter.md) - [$right_delimiter](./api-variables/variable-right-delimiter.md)
- [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md) - [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)

21
docs/programmers/api-variables/variable-php-handling.md
View File

@ -1,21 +0,0 @@
\$php\_handling {#variable.php.handling}
===============
This tells Smarty how to handle PHP code embedded in the templates.
There are four possible settings, the default being
`Smarty::PHP_PASSTHRU`. Note that this does NOT affect php code within
[`{php}{/php}`](#language.function.php) tags in the template.
- `Smarty::PHP_PASSTHRU` - Smarty echos tags as-is.
- `Smarty::PHP_QUOTE` - Smarty quotes the tags as html entities.
- `Smarty::PHP_REMOVE` - Smarty removes the tags from the templates.
- `Smarty::PHP_ALLOW` - Smarty will execute the tags as PHP code.
> **Note**
>
> Embedding PHP code into templates is highly discouraged. Use [custom
> functions](#plugins.functions) or [modifiers](#plugins.modifiers)
> instead.

2
docs/programmers/api-variables/variable-trusted-dir.md
View File

@ -5,4 +5,4 @@
array of all directories that are considered trusted. Trusted array of all directories that are considered trusted. Trusted
directories are where you keep php scripts that are executed directly directories are where you keep php scripts that are executed directly
from the templates with from the templates with
[`{include_php}`](#language.function.include.php). [`{insert}`](#language.function.insert.php).

3
docs/programmers/smarty-constants.md
View File

@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path
See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).
[`$php_handling constants`](./api-variables/variable-php-handling.md)

1
lexer/smarty_internal_templatelexer.plex
View File

@ -161,7 +161,6 @@ class Smarty_Internal_Templatelexer
'COMMENT' => 'comment', 'COMMENT' => 'comment',
'AS' => 'as', 'AS' => 'as',
'TO' => 'to', 'TO' => 'to',
'PHP' => '"<?php", "<%", "{php}" tag',
'LOGOP' => '"<", "==" ... logical operator', 'LOGOP' => '"<", "==" ... logical operator',
'TLOGOP' => '"lt", "eq" ... logical operator; "is div by" ... if condition', 'TLOGOP' => '"lt", "eq" ... logical operator; "is div by" ... if condition',
'SCOND' => '"is even" ... if condition', 'SCOND' => '"is even" ... if condition',

29
libs/sysplugins/smarty_security.php
View File

@ -555,35 +555,6 @@ class Smarty_Security
throw new SmartyException("URI '{$uri}' not allowed by security setting"); throw new SmartyException("URI '{$uri}' not allowed by security setting");
} }
/**
* Check if directory of file resource is trusted.
*
* @param string $filepath
*
* @return boolean true if directory is trusted
* @throws SmartyException if PHP directory is not trusted
*/
public function isTrustedPHPDir($filepath)
{
if (empty($this->trusted_dir)) {
throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
}
// check if index is outdated
if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
$this->_php_resource_dir = array();
$this->_trusted_dir = $this->trusted_dir;
foreach ((array)$this->trusted_dir as $directory) {
$directory = $this->smarty->_realpath($directory . '/', true);
$this->_php_resource_dir[ $directory ] = true;
}
}
$addPath = $this->_checkDir($filepath, $this->_php_resource_dir);
if ($addPath !== false) {
$this->_php_resource_dir = array_merge($this->_php_resource_dir, $addPath);
}
return true;
}
/** /**
* Remove old directories and its sub folders, add new directories * Remove old directories and its sub folders, add new directories
* *