smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-11-04 14:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b4209f8831d9da57883d1cf6348ad2441897f41b
smarty/docs/en/programmers/api-variables/variable-security.xml
messju a6e4f90a69 Lots of additional cross linking by Peter.
2005-05-23 15:43:01 +00:00

65 lines
2.1 KiB
XML
Raw Blame History

<?xml version="1.0" encoding="iso-8859-1"?>
<!-- $Revision$ -->
<sect1 id="variable.security">
<title>$security</title>
<para>
$security true/false, default is false. Security is good for
situations when you have untrusted parties editing the templates
(via ftp for example) and you want to reduce the risk of system
security compromises through the template language. Turning on
security enforces the following rules to the template language,
unless specifially overridden with
<link linkend="variable.security.settings">$security_settings</link>:
</para>
<itemizedlist>
<listitem>
<para>If <link linkend="variable.php.handling">$php_handling</link>
is set to SMARTY_PHP_ALLOW, this is
implicitly changed to SMARTY_PHP_PASSTHRU
</para></listitem>
<listitem>
<para>
PHP functions are not allowed in <link
linkend="language.function.if">{if}</link> statements,
except those specified in the
<link linkend="variable.security.settings">$security_settings</link>
</para></listitem>
<listitem><para>
templates can only be included from directories
listed in the
<link linkend="variable.secure.dir">$secure_dir</link> array
</para></listitem>
<listitem><para>
local files can only be fetched from directories listed in the
<link linkend="variable.secure.dir">$secure_dir</link>
array using <link linkend="language.function.fetch">{fetch}</link>
</para></listitem>
<listitem><para>
<link linkend="language.function.php">{php}{/php}</link> tags are not allowed
</para></listitem>
<listitem><para>
PHP functions are not allowed as modifiers, except those specified in the
<link linkend="variable.security.settings">$security_settings</link>
</para></listitem>
</itemizedlist>
</sect1>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
indent-tabs-mode:nil
sgml-parent-document:nil
sgml-default-dtd-file:"../../../../manual.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
vim600: syn=xml fen fdm=syntax fdl=2 si
vim: et tw=78 syn=sgml
vi: ts=1 sw=1
-->
Reference in New Issue View Git Blame Copy Permalink