[pLog-svn] r1203 - in plog/trunk: . class/template locale templates/admin templates/summary
Oscar Renalias
phunkphorce at gmail.com
Fri Feb 25 07:42:21 GMT 2005
Where were all your template files? Was it jondaley/ for all of them?
There might be some issues if you are using, for example,
templates/my_template and try to include something from
templates/my_other_template... This could also help to prevent things
like
{include file="/etc/passwd"}
which should work in 0.3.x releases... (and which is quite dangerous too!)
Oscar
On Thu, 24 Feb 2005 15:52:28 -0500 (EST), Jon Daley
<plogworld at daley.snurgle.org> wrote:
> Oops. This broke my installation. I just got the latest, and I
> went to one page (perhaps cached) and posted a comment. Then I got:
>
> Exception message: Smarty error: (secure mode) accessing
> "jondaley/postandcomments.template" is not allowed
> Error code: 512
>
> The comment was posted, so the data was not lost.
>
>
> On Thu, 24 Feb 2005 oscar at devel.plogworld.net wrote:
>
> > Author: oscar
> > Date: 2005-02-24 15:21:56 +0000 (Thu, 24 Feb 2005)
> > New Revision: 1203
> >
> > Modified:
> > plog/trunk/class/template/template.class.php
> > plog/trunk/locale/locale_en_UK.php
> > plog/trunk/templates/admin/globalsettings_templates.template
> > plog/trunk/templates/summary/pager.template
> > plog/trunk/wizard.php
> > Log:
> > now php code is not allowed by default in smarty templates. In order to
> > reenable this feature, set administration->global settings->template settings->allow_php_code_in_templates
> > to true.
> > A new locale string was needed (help_allow_php_code_in_templates) and the
> > wizard has also been modified in order to add this new setting to the plog_config table.
> >
> >
> > Modified: plog/trunk/class/template/template.class.php
> > ===================================================================
> > --- plog/trunk/class/template/template.class.php 2005-02-24 08:17:09 UTC (rev 1202)
> > +++ plog/trunk/class/template/template.class.php 2005-02-24 15:21:56 UTC (rev 1203)
> > @@ -51,6 +51,14 @@
> >
> > // enable the security settings
> > $this->php_handling = false;
> > + // code is not allowed in the templates by default, unless specified otherwise
> > + /*if( $config->getValue( 'allow_php_code_in_templates', false ))
> > + $this->security = true;
> > + else
> > + $this->security = false;*/
> > +
> > + $this->security = (boolean)!$config->getValue( 'allow_php_code_in_templates', false );
> > + //$this->security = true;
> >
> > // default folders
> > $this->compile_dir = $config->getValue( 'temp_folder' );
> >
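Review bot: The added line $this->security = (boolean)!$config->getValue( 'allow_php_code_in_templates', false ); makes one setting control two things: whether PHP code is allowed in templates and whether Smarty's secure mode is on at all. The "(secure mode) accessing ... is not allowed" error reported in this thread shows that secure mode also restricts which template files can be loaded, so with the setting at its default the blog template folders need to be listed in Smarty's secure_dir, and switching the setting on drops that file restriction together with the PHP restriction. I would keep $this->security = true unconditionally and make only the PHP-code permission depend on the setting. The commented-out if/else above the live line assigns the opposite values from it and, together with //$this->security = true;, should be removed before commit.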
> > Modified: plog/trunk/locale/locale_en_UK.php
> > ===================================================================
> > --- plog/trunk/locale/locale_en_UK.php 2005-02-24 08:17:09 UTC (rev 1202)
> > +++ plog/trunk/locale/locale_en_UK.php 2005-02-24 15:21:56 UTC (rev 1203)
> > @@ -724,6 +724,7 @@
> > $messages['help_template_cache_enabled'] = 'Enable the template cache. If enabled, the cached version of a page will be used whenever possible. No data will need to be fetched from the database and templates will not need to be recompiled';
> > $messages['help_template_cache_lifetime'] = 'Lifetime in seconds of the cache. Set to -1 to force the cache to never expire. If set to 0, the cache will be disabled but it is recommended to set template_cache_enabled to "No" in order to disable the cache';
> > $messages['help_template_http_cache_enabled'] = 'Enable support for HTTP conditional requests. If enabled, pLog will take the "If-Modified-Since" HTTP header into account and send only content if strictly needed. Enable this to save bandwidth';
> > +$messages['help_allow_php_code_in_templates'] = 'Allows to embed native PHP code in Smarty templates inside {php}...{/php} blocks';
> > // urls
> > $messages['help_request_format_mode'] = 'Select one of the available URL format. If using custom URLs, make sure to configure the settings below';
> > $messages['plain'] = 'Plain';
> >
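Review bot: The new help_allow_php_code_in_templates string mentions only {php}...{/php} blocks, but per the template.class.php change in this revision the same setting also turns Smarty's security mode off when set to yes; the help text should say so, since it is what an administrator reads before enabling the option. "Allows to embed" should read "Allows embedding". Only locale_en_UK.php appears in the Modified list, so any other locale files will need this key as well.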
> > Modified: plog/trunk/templates/admin/globalsettings_templates.template
> > ===================================================================
> > --- plog/trunk/templates/admin/globalsettings_templates.template 2005-02-24 08:17:09 UTC (rev 1202)
> > +++ plog/trunk/templates/admin/globalsettings_templates.template 2005-02-24 15:21:56 UTC (rev 1203)
> > @@ -25,6 +25,13 @@
> > <input class="radio" type="radio" id="config[users_can_add_templates]" name="config[users_can_add_templates]" value="1" {if $users_can_add_templates == 1 } checked="checked" {/if} />{$locale->tr("yes")}
> > <input class="radio" type="radio" id="config[users_can_add_templates]" name="config[users_can_add_templates]" value="0" {if $users_can_add_templates == 0 } checked="checked" {/if} />{$locale->tr("no")}
> > </div>
> > + <!-- allow_php_code_in_templates -->
> > + <div class="field">
> > + <label for="config[allow_php_code_in_templates]">allow_php_code_in_templates</label>
> > + <div class="formHelp">{$locale->tr("help_allow_php_code_in_templates")}</div>
> > + <input class="radio" type="radio" id="config[allow_php_code_in_templates]" name="config[allow_php_code_in_templates]" value="1" {if $allow_php_code_in_templates == 1 } checked="checked" {/if} />{$locale->tr("yes")}
> > + <input class="radio" type="radio" id="config[allow_php_code_in_templates]" name="config[allow_php_code_in_templates]" value="0" {if $allow_php_code_in_templates == 0 } checked="checked" {/if} />{$locale->tr("no")}
> > + </div>
> > <!-- template_compile_check -->
> > <div class="field">
> > <label for="config[template_compile_check]">template_compile_check</label>
> >
> > Modified: plog/trunk/templates/summary/pager.template
> > ===================================================================
> > --- plog/trunk/templates/summary/pager.template 2005-02-24 08:17:09 UTC (rev 1202)
> > +++ plog/trunk/templates/summary/pager.template 2005-02-24 15:21:56 UTC (rev 1203)
> > @@ -1,4 +1,4 @@
> > -{if $style=="list" || style==""}
> > +{if $style=="list" || $style==""}
> > <script type="text/javascript">
> > {literal}
> > function onPagerListChange(list)
> >
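Review bot: The $style correction in the {if} condition is unrelated to the allow_php_code_in_templates change and is not mentioned in the log message; it would be easier to track as its own commit, or at least with a line in the log. The fix itself looks right, since the old condition compared the bare word style rather than the $style variable.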
> > Modified: plog/trunk/wizard.php
> > ===================================================================
> > --- plog/trunk/wizard.php 2005-02-24 08:17:09 UTC (rev 1202)
> > +++ plog/trunk/wizard.php 2005-02-24 15:21:56 UTC (rev 1203)
> > @@ -626,6 +626,7 @@
> > $Inserts[107] = "INSERT INTO {dbprefix}config (config_key, config_value, value_type) VALUES('template_http_cache_enabled', '0', 1);";
> > $Inserts[108] = "INSERT INTO {dbprefix}config (config_key, config_value, value_type) VALUES('template_compile_check', '1', 1);";
> > $Inserts[109] = "INSERT INTO {dbprefix}config (config_key, config_value, value_type) VALUES('update_cached_article_reads', '1', 1);";
> > +$Inserts[110] = "INSERT INTO {dbprefix}config (config_key, config_value, value_type) VALUES('allow_php_code_in_templates', '0', 1);";
> >
> >
> > /**
> > @@ -1397,7 +1398,7 @@
> > // ---
> > // add the new configuration settings that were added for 1.0
> > // ---
> > - $newSettings = range( 71, 109 );
> > + $newSettings = range( 71, 110 );
> > foreach( $newSettings as $settingId ) {
> > $setting = $Inserts[$settingId];
> > $query = str_replace( "{dbprefix}", $this->_dbPrefix, $setting );
> >
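Review bot: range( 71, 110 ) hard-codes the upper index, so every new $Inserts entry needs a matching edit here, as this revision shows; a missed bump would silently skip the new setting on upgrade. Keeping the settings added for 1.0 in their own array and iterating over that would remove the coupling. The upgrade path also inserts allow_php_code_in_templates as '0', so existing installations change template behaviour after upgrading, which deserves a line in the upgrade notes.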
> > _______________________________________________
> > pLog-svn mailing list
> > pLog-svn at devel.plogworld.net
> > http://devel.plogworld.net/mailman/listinfo/plog-svn
> >
>
> **************************************************************
> * Jonathan M. Daley * Time is nature's way of *
> * * keeping everything from *
> * jondaley at snurgle.org * happening at once. *
> * * -- Woody Allen *
> * www.snurgle.org/~jondaley * *
> **************************************************************