[pLog-general] how to protect your site?
Jon Daley
plogworld at daley.snurgle.org
Thu Feb 24 14:26:32 GMT 2005
That seems reasonable, as long as the configuration option says,
"Danger, Will Robinson, Danger. Are you sure you know what you are
doing??"
(:
On Thu, 24 Feb 2005, Oscar Renalias wrote:
> It definitely should be enabled by default, but perhaps we could add a
> configuration option to easily enable/disable this feature?
>
> Oscar
>
>
> On Thu, 24 Feb 2005 09:17:13 -0500 (EST), Jon Daley
> <plogworld at daley.snurgle.org> wrote:
>> {php} is enabled by default, because security is disabled.
>> When I enabled it on my machine, I got a strange error on "new post",
>> where the javascript preview function popped up an error box.
>> Unfortunately, I didn't write down the error message at the time, had some
>> stuff about NS_ error.
>>
>> And now I can't get it to happen again.
>>
>> I erased my cache and tried again, with no luck in making it fail.
>>
>> Perhaps we can just set this to true? There are some other related
>> settings regarding trusted and untrusted directories.
>>
>> Enabling it does disable the {php} tags.
>>
>> See Smarty.class.php:
>> /**
>> * This enables template security. When enabled, many
>> * things are restricted in the templates that
>> * normally would go unchecked. This is useful when
>> * untrusted parties are editing templates and you
>> * want a reasonable level of security.
>> * (no direct execution of PHP in templates for example)
>> */
>> var $security = false;
>>
>>
>> On Thu, 24 Feb 2005, Oscar Renalias wrote:
>>> 5) unless explicitely enabled, smarty should not allow users to
>>> execute php code via {php}...{/php} tags
>>
>> **************************************************************
>> * Jonathan M. Daley * Everybody is ignorant, only *
>> * jondaley at snurgle.org * on different subjects. *
>> * www.snurgle.org/~jondaley * -- Will Rogers *
>> **************************************************************
>> _______________________________________________
>> pLog-general mailing list
>> pLog-general at devel.plogworld.net
>> http://devel.plogworld.net/mailman/listinfo/plog-general
>>
> _______________________________________________
> pLog-general mailing list
> pLog-general at devel.plogworld.net
> http://devel.plogworld.net/mailman/listinfo/plog-general
>
**************************************************************
* Jonathan M. Daley * Needs are a function of what *
* jondaley at snurgle.org * other people have. *
* www.snurgle.org/~jondaley * -- Jone's Principle *
**************************************************************
More information about the pLog-general
mailing list