mirror of
https://github.com/smarty-php/smarty.git
synced 2025-10-04 08:10:55 +02:00
46 lines
1.8 KiB
XML
46 lines
1.8 KiB
XML
<?xml version="1.0" encoding="iso-8859-1"?>
|
|
<!-- $Revision$ -->
|
|
<sect1 id="variable.security">
|
|
<title>$security</title>
|
|
<para>
|
|
$security true/false, default is false. Security is good for
|
|
situations when you have untrusted parties editing the templates
|
|
(via ftp for example) and you want to reduce the risk of system
|
|
security compromises through the template language. Turning on
|
|
security enforces the following rules to the template language,
|
|
unless specifially overridden with $security_settings:
|
|
</para>
|
|
<itemizedlist>
|
|
<listitem><para>If $php_handling is set to SMARTY_PHP_ALLOW, this is
|
|
implicitly changed to SMARTY_PHP_PASSTHRU</para></listitem>
|
|
<listitem><para>PHP functions are not allowed in IF statements,
|
|
except those specified in the $security_settings</para></listitem>
|
|
<listitem><para>templates can only be included from directories
|
|
listed in the $secure_dir array</para></listitem>
|
|
<listitem><para>local files can only be fetched from directories
|
|
listed in the $secure_dir array using {fetch}</para></listitem>
|
|
<listitem><para>{php}{/php} tags are not allowed</para></listitem>
|
|
<listitem><para>PHP functions are not allowed as modifiers, except
|
|
those specified in the $security_settings</para></listitem>
|
|
</itemizedlist>
|
|
</sect1>
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
indent-tabs-mode:nil
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"../../../../manual.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
vim600: syn=xml fen fdm=syntax fdl=2 si
|
|
vim: et tw=78 syn=sgml
|
|
vi: ts=1 sw=1
|
|
--> |