[pLog-general] how to protect your site?

Jon Daley plogworld at daley.snurgle.org
Thu Feb 24 14:17:13 GMT 2005


{php} is enabled by default, because security is disabled.
When I enabled it on my machine, I got a strange error on "new post", 
where the javascript preview function popped up an error box.
Unfortunately, I didn't write down the error message at the time; it had 
some stuff about an NS_ error.

And now I can't get it to happen again.

I erased my cache and tried again, with no luck in making it fail.

Perhaps we can just set this to true?  There are some other related 
settings regarding trusted and untrusted directories.

Enabling it does disable the {php} tags.


See Smarty.class.php:
     /**
      * This enables template security. When enabled, many
      * things are restricted in the templates that
      * normally would go unchecked. This is useful when
      * untrusted parties are editing templates and you
      * want a reasonable level of security.
      * (no direct execution of PHP in templates for example)
      */
     var $security       =   false;



On Thu, 24 Feb 2005, Oscar Renalias wrote:
> 5) unless explicitly enabled, smarty should not allow users to
> execute php code via {php}...{/php} tags


**************************************************************
*     Jonathan M. Daley     *   Everybody is ignorant, only  *
*   jondaley at snurgle.org    *     on different subjects.     *
* www.snurgle.org/~jondaley *                 -- Will Rogers *
**************************************************************
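
Since enabling $security disables {php} tags, it helps to know which templates still use them before changing the default. The following is an added example, not part of the original message or of pLog's code: a small audit script that reports every {php} tag Smarty would act on. It assumes Smarty's default "{" and "}" delimiters; the function names and the sample template are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumes Smarty's default "{" and "}" delimiters.
COMMENT = re.compile(r"\{\*.*?\*\}", re.S)
LITERAL = re.compile(r"\{literal\}.*?\{/literal\}", re.S)
PHP_OPEN = re.compile(r"\{php\}")
PHP_CLOSE = re.compile(r"\{/php\}")

# Constructed sample template, not taken from pLog.
SAMPLE = """{* old header: {php}echo 1;{/php} *}
<h1>{$title}</h1>
{php}
echo date('Y');
{/php}
{literal}{php}shown to the reader as text{/php}{/literal}
{php} never closed
"""

def _blank(match):
    # Overwrite a span with spaces but keep newlines, so line numbers survive.
    return re.sub(r"[^\n]", " ", match.group(0))

def find_php_blocks(source):
    """Return (line, closed) for every {php} tag Smarty would act on."""
    # Smarty does not parse comments or {literal} sections, so a {php}
    # inside them is inert and is not reported.
    text = LITERAL.sub(_blank, COMMENT.sub(_blank, source))
    hits, pos = [], 0
    while (start := PHP_OPEN.search(text, pos)) is not None:
        line = text.count("\n", 0, start.start()) + 1
        end = PHP_CLOSE.search(text, start.end())
        hits.append((line, end is not None))
        if end is None:
            break
        pos = end.end()
    return hits

def scan_files(paths):
    """Map each path to its hits, omitting templates with no {php} tags."""
    found = {p: find_php_blocks(Path(p).read_text(errors="replace")) for p in paths}
    return {p: hits for p, hits in found.items() if hits}

if __name__ == "__main__":
    for path, hits in scan_files(sys.argv[1:]).items():
        print(path, hits)
    print("constructed sample:", find_php_blocks(SAMPLE))
```

Pass template file paths as arguments; any file listed in the output would stop executing its {php} code once security is turned on.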


