mirror of
https://github.com/smarty-php/smarty.git
synced 2025-07-29 15:37:14 +02:00
Dropped remaining references to removed PHP-support in Smarty 4 from docs, lexer and security class.
This commit is contained in:
Simon Wisselink
@ -188,67 +188,6 @@ See also [`{html_select_date}`](#language.function.html.select.date),
|
||||
[`date_format`](#language.modifier.date.format) and
|
||||
[`$smarty.now`](#language.variables.smarty.now),
|
||||
|
||||
WAP/WML {#tips.wap}
|
||||
=======
|
||||
|
||||
WAP/WML templates require a php [Content-Type
|
||||
header](&url.php-manual;header) to be passed along with the template.
|
||||
The easist way to do this would be to write a custom function that
|
||||
prints the header. If you are using [caching](#caching), that won\'t
|
||||
work so we\'ll do it using the [`{insert}`](#language.function.insert)
|
||||
tag; remember `{insert}` tags are not cached! Be sure that there is
|
||||
nothing output to the browser before the template, or else the header
|
||||
may fail.
|
||||
|
||||
|
||||
<?php
|
||||
|
||||
// be sure apache is configure for the .wml extensions!
|
||||
// put this function somewhere in your application, or in Smarty.addons.php
|
||||
function insert_header($params)
|
||||
{
|
||||
// this function expects $content argument
|
||||
if (empty($params['content'])) {
|
||||
return;
|
||||
}
|
||||
header($params['content']);
|
||||
return;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
||||
|
||||
your Smarty template *must* begin with the insert tag :
|
||||
|
||||
|
||||
{insert name=header content="Content-Type: text/vnd.wap.wml"}
|
||||
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE wml PUBLIC "-//WAPFORUM//DTD WML 1.1//EN" "http://www.wapforum.org/DTD/wml_1.1.xml">
|
||||
|
||||
<!-- begin new wml deck -->
|
||||
<wml>
|
||||
<!-- begin first card -->
|
||||
<card>
|
||||
<do type="accept">
|
||||
<go href="#two"/>
|
||||
</do>
|
||||
<p>
|
||||
Welcome to WAP with Smarty!
|
||||
Press OK to continue...
|
||||
</p>
|
||||
</card>
|
||||
<!-- begin second card -->
|
||||
<card id="two">
|
||||
<p>
|
||||
Pretty easy isn't it?
|
||||
</p>
|
||||
</card>
|
||||
</wml>
|
||||
|
||||
|
||||
|
||||
Componentized Templates {#tips.componentized.templates}
|
||||
=======================
|
||||
|
||||
@ -259,7 +198,7 @@ Smarty object, [`assign()`](#api.assign) the variables and
|
||||
[`display()`](#api.display) the template. So lets say for example we
|
||||
have a stock ticker on our template. We would collect the stock data in
|
||||
our application, then assign these variables in the template and display
|
||||
it. Now wouldn\'t it be nice if you could add this stock ticker to any
|
||||
it. Now wouldn't it be nice if you could add this stock ticker to any
|
||||
application by merely including the template, and not worry about
|
||||
fetching the data up front?
|
||||
|
||||
@ -301,9 +240,7 @@ assigning it to a template variable.
|
||||
|
||||
|
||||
|
||||
See also [`{include_php}`](#language.function.include.php),
|
||||
[`{include}`](#language.function.include) and
|
||||
[`{php}`](#language.function.php).
|
||||
See also: [`{include}`](#language.function.include).
|
||||
|
||||
Obfuscating E-mail Addresses {#tips.obfuscating.email}
|
||||
============================
|
||||
|
||||
@ -3,7 +3,7 @@ Attributes {#language.syntax.attributes}
|
||||
|
||||
Most of the [functions](#language.syntax.functions) take attributes that
|
||||
specify or modify their behavior. Attributes to Smarty functions are
|
||||
much like HTML attributes. Static values don\'t have to be enclosed in
|
||||
much like HTML attributes. Static values don't have to be enclosed in
|
||||
quotes, but it is required for literal strings. Variables with or
|
||||
without modifiers may also be used, and should not be in quotes. You can
|
||||
even use PHP function results, plugin results and complex expressions.
|
||||
|
||||
@ -16,7 +16,6 @@ Built-in Functions {#language.builtin.functions}
|
||||
- [{function}](./language-builtin-functions/language-function-function.md)
|
||||
- [{if},{elseif},{else}](./language-builtin-functions/language-function-if.md)
|
||||
- [{include}](./language-builtin-functions/language-function-include.md)
|
||||
- [{include_php}](./language-builtin-functions/language-function-include.php)
|
||||
- [{insert}](./language-builtin-functions/language-function-insert.md)
|
||||
- [{ldelim},{rdelim}](./language-builtin-functions/language-function-ldelim.md)
|
||||
- [{literal}](./language-builtin-functions/language-function-literal.md)
|
||||
|
||||
@ -135,7 +135,6 @@ The following functions can also *optionally* assign template variables.
|
||||
|
||||
[`{capture}`](#language.function.capture),
|
||||
[`{include}`](#language.function.include),
|
||||
[`{include_php}`](#language.function.include.php),
|
||||
[`{insert}`](#language.function.insert),
|
||||
[`{counter}`](#language.function.counter),
|
||||
[`{cycle}`](#language.function.cycle),
|
||||
|
||||
@ -1,74 +0,0 @@
|
||||
{include\_php} {#language.function.include.php}
|
||||
==============
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> `{include_php}` is deprecated from Smarty, use registered plugins to
|
||||
> properly insulate presentation from the application code. As of Smarty
|
||||
> 3.1 the `{include_php}` tags are only available from [SmartyBC](#bc).
|
||||
|
||||
Attribute Name Type Required Default Description
|
||||
---------------- --------- ---------- --------- ----------------------------------------------------------------------------------
|
||||
file string Yes *n/a* The name of the php file to include as absolute path
|
||||
once boolean No *TRUE* whether or not to include the php file more than once if included multiple times
|
||||
assign string No *n/a* The name of the variable that the output of include\_php will be assigned to
|
||||
|
||||
**Option Flags:**
|
||||
|
||||
Name Description
|
||||
--------- ----------------------------------------
|
||||
nocache Disables caching of inluded PHP script
|
||||
|
||||
`{include_php}` tags are used to include a php script in your template.
|
||||
The path of the attribute `file` can be either absolute, or relative to
|
||||
[`$trusted_dir`](#variable.trusted.dir). If security is enabled, then
|
||||
the script must be located in the `$trusted_dir` path of the securty
|
||||
policy. See the [Security](#advanced.features.security) section for
|
||||
details.
|
||||
|
||||
By default, php files are only included once even if called multiple
|
||||
times in the template. You can specify that it should be included every
|
||||
time with the `once` attribute. Setting once to FALSE will include the
|
||||
php script each time it is included in the template.
|
||||
|
||||
You can optionally pass the `assign` attribute, which will specify a
|
||||
template variable name that the output of `{include_php}` will be
|
||||
assigned to instead of displayed.
|
||||
|
||||
The smarty object is available as `$_smarty_tpl->smarty` within the PHP
|
||||
script that you include.
|
||||
|
||||
The `load_nav.php` file:
|
||||
|
||||
|
||||
<?php
|
||||
|
||||
// load in variables from a mysql db and assign them to the template
|
||||
require_once('database.class.php');
|
||||
$db = new Db();
|
||||
$db->query('select url, name from navigation order by name');
|
||||
$this->assign('navigation', $db->getRows());
|
||||
|
||||
?>
|
||||
|
||||
|
||||
|
||||
where the template is:
|
||||
|
||||
|
||||
{* absolute path, or relative to $trusted_dir *}
|
||||
{include_php file='/path/to/load_nav.php'}
|
||||
{include_php '/path/to/load_nav.php'} {* short-hand *}
|
||||
|
||||
{foreach item='nav' from=$navigation}
|
||||
<a href="{$nav.url}">{$nav.name}</a><br />
|
||||
{/foreach}
|
||||
|
||||
|
||||
|
||||
See also [`{include}`](#language.function.include),
|
||||
[`$trusted_dir`](#variable.trusted.dir),
|
||||
[`{php}`](#language.function.php),
|
||||
[`{capture}`](#language.function.capture), [template
|
||||
resources](#resources) and [componentized
|
||||
templates](#tips.componentized.templates)
|
||||
@ -188,7 +188,5 @@ current template.
|
||||
|
||||
|
||||
|
||||
See also [`{include_php}`](#language.function.include.php),
|
||||
[`{insert}`](#language.function.insert),
|
||||
[`{php}`](#language.function.php), [template resources](#resources) and
|
||||
See also [`{insert}`](#language.function.insert), [template resources](#resources) and
|
||||
[componentized templates](#tips.componentized.templates).
|
||||
|
||||
@ -8,22 +8,6 @@ security compromises through the template language.
|
||||
The settings of the security policy are defined by properties of an
|
||||
instance of the Smarty\_Security class. These are the possible settings:
|
||||
|
||||
- `$php_handling` determines how Smarty to handle PHP code embedded in
|
||||
templates. Possible values are:
|
||||
|
||||
- Smarty::PHP\_PASSTHRU -\> echo PHP tags as they are
|
||||
|
||||
- Smarty::PHP\_QUOTE -\> escape tags as entities
|
||||
|
||||
- Smarty::PHP\_REMOVE -\> remove php tags
|
||||
|
||||
- Smarty::PHP\_ALLOW -\> execute php tags
|
||||
|
||||
The default value is Smarty::PHP\_PASSTHRU.
|
||||
|
||||
If security is enabled the [`$php_handling`](#variable.php.handling)
|
||||
setting of the Smarty object is not checked for security.
|
||||
|
||||
- `$secure_dir` is an array of template directories that are
|
||||
considered secure. [`$template_dir`](#variable.template.dir)
|
||||
concidered secure implicitly. The default is an empty array.
|
||||
@ -31,7 +15,7 @@ instance of the Smarty\_Security class. These are the possible settings:
|
||||
- `$trusted_dir` is an array of all directories that are considered
|
||||
trusted. Trusted directories are where you keep php scripts that are
|
||||
executed directly from the templates with
|
||||
[`{include_php}`](#language.function.include.php). The default is an
|
||||
[`{insert}`](#language.function.insert.php). The default is an
|
||||
empty array.
|
||||
|
||||
- `$trusted_uri` is an array of regular expressions matching URIs that
|
||||
@ -110,10 +94,6 @@ instance of the Smarty\_Security class. These are the possible settings:
|
||||
super globals can be accessed by the template. The default is
|
||||
\"true\".
|
||||
|
||||
- `$allow_php_tag` is a boolean flag which controls if {php} and
|
||||
{include\_php} tags can be used by the template. The default is
|
||||
\"false\".
|
||||
|
||||
If security is enabled, no private methods, functions or properties of
|
||||
static classes or assigned objects can be accessed (beginning with
|
||||
\'\_\') by the template.
|
||||
@ -128,8 +108,6 @@ Smarty\_Security class or create an instance of it.
|
||||
class My_Security_Policy extends Smarty_Security {
|
||||
// disable all PHP functions
|
||||
public $php_functions = null;
|
||||
// remove PHP tags
|
||||
public $php_handling = Smarty::PHP_REMOVE;
|
||||
// allow everthing as modifier
|
||||
public $php_modifiers = array();
|
||||
}
|
||||
@ -145,8 +123,6 @@ Smarty\_Security class or create an instance of it.
|
||||
$my_security_policy = new Smarty_Security($smarty);
|
||||
// disable all PHP functions
|
||||
$my_security_policy->php_functions = null;
|
||||
// remove PHP tags
|
||||
$my_security_policy->php_handling = Smarty::PHP_REMOVE;
|
||||
// allow everthing as modifier
|
||||
$my_security_policy->php_modifiers = array();
|
||||
// enable security
|
||||
|
||||
@ -39,7 +39,6 @@ them directly, or use the corresponding setter/getter methods.
|
||||
- [$left_delimiter](./api-variables/variable-left-delimiter.md)
|
||||
- [$locking_timeout](./api-variables/variable-locking-timeout.md)
|
||||
- [$merge_compiled_includes](./api-variables/variable-merge-compiled-includes.md)
|
||||
- [$php_handling](./api-variables/variable-php-handling.md)
|
||||
- [$plugins_dir](./api-variables/variable-plugins-dir.md)
|
||||
- [$right_delimiter](./api-variables/variable-right-delimiter.md)
|
||||
- [$smarty_debug_id](./api-variables/variable-smarty-debug-id.md)
|
||||
|
||||
@ -1,21 +0,0 @@
|
||||
\$php\_handling {#variable.php.handling}
|
||||
===============
|
||||
|
||||
This tells Smarty how to handle PHP code embedded in the templates.
|
||||
There are four possible settings, the default being
|
||||
`Smarty::PHP_PASSTHRU`. Note that this does NOT affect php code within
|
||||
[`{php}{/php}`](#language.function.php) tags in the template.
|
||||
|
||||
- `Smarty::PHP_PASSTHRU` - Smarty echos tags as-is.
|
||||
|
||||
- `Smarty::PHP_QUOTE` - Smarty quotes the tags as html entities.
|
||||
|
||||
- `Smarty::PHP_REMOVE` - Smarty removes the tags from the templates.
|
||||
|
||||
- `Smarty::PHP_ALLOW` - Smarty will execute the tags as PHP code.
|
||||
|
||||
> **Note**
|
||||
>
|
||||
> Embedding PHP code into templates is highly discouraged. Use [custom
|
||||
> functions](#plugins.functions) or [modifiers](#plugins.modifiers)
|
||||
> instead.
|
||||
@ -5,4 +5,4 @@
|
||||
array of all directories that are considered trusted. Trusted
|
||||
directories are where you keep php scripts that are executed directly
|
||||
from the templates with
|
||||
[`{include_php}`](#language.function.include.php).
|
||||
[`{insert}`](#language.function.insert.php).
|
||||
|
||||
@ -23,5 +23,4 @@ to determine the appropriate value automatically. If defined, the path
|
||||
|
||||
|
||||
|
||||
See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md) and
|
||||
[`$php_handling constants`](./api-variables/variable-php-handling.md)
|
||||
See also [`$smarty.const`](../designers/language-variables/language-variables-smarty.md).
|
||||
|
||||
@ -161,7 +161,6 @@ class Smarty_Internal_Templatelexer
|
||||
'COMMENT' => 'comment',
|
||||
'AS' => 'as',
|
||||
'TO' => 'to',
|
||||
'PHP' => '"<?php", "<%", "{php}" tag',
|
||||
'LOGOP' => '"<", "==" ... logical operator',
|
||||
'TLOGOP' => '"lt", "eq" ... logical operator; "is div by" ... if condition',
|
||||
'SCOND' => '"is even" ... if condition',
|
||||
|
||||
@ -555,35 +555,6 @@ class Smarty_Security
|
||||
throw new SmartyException("URI '{$uri}' not allowed by security setting");
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if directory of file resource is trusted.
|
||||
*
|
||||
* @param string $filepath
|
||||
*
|
||||
* @return boolean true if directory is trusted
|
||||
* @throws SmartyException if PHP directory is not trusted
|
||||
*/
|
||||
public function isTrustedPHPDir($filepath)
|
||||
{
|
||||
if (empty($this->trusted_dir)) {
|
||||
throw new SmartyException("directory '{$filepath}' not allowed by security setting (no trusted_dir specified)");
|
||||
}
|
||||
// check if index is outdated
|
||||
if (!$this->_trusted_dir || $this->_trusted_dir !== $this->trusted_dir) {
|
||||
$this->_php_resource_dir = array();
|
||||
$this->_trusted_dir = $this->trusted_dir;
|
||||
foreach ((array)$this->trusted_dir as $directory) {
|
||||
$directory = $this->smarty->_realpath($directory . '/', true);
|
||||
$this->_php_resource_dir[ $directory ] = true;
|
||||
}
|
||||
}
|
||||
$addPath = $this->_checkDir($filepath, $this->_php_resource_dir);
|
||||
if ($addPath !== false) {
|
||||
$this->_php_resource_dir = array_merge($this->_php_resource_dir, $addPath);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Remove old directories and its sub folders, add new directories
|
||||
*
|
||||
|
||||
Reference in New Issue
Block a user