[pLog-svn] r1203 - in plog/trunk: . class/template localetemplates/admin templates/summary

Oscar Renalias oscar at renalias.net
Sat Feb 26 17:44:32 GMT 2005 

What plugins are not working well? What was the error message?

We might need to define a set of "trusted" folders where it is safe for  
smarty to load templates. Look at this attribute of the Smarty class:  
http://smarty.php.net/manual/en/variable.secure.dir.php

Oscar

On 26 Feb 2005, at 18:14, Mark Wu wrote:

> Wow, I just see the impact by this patch, some plugins can not work  
> well,
> unless I turn on this option. :(
>
> So, it only restict to {php}{/php} or also inlcude {literal}{/literal}  
> or
> others? Lik {include ..}
>
> Mark
>
> -----Original Message-----
> From: plog-svn-bounces at devel.plogworld.net
> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of
> oscar at devel.plogworld.net
> Sent: Thursday, February 24, 2005 11:22 PM
> To: plog-svn at devel.plogworld.net
> Subject: [pLog-svn] r1203 - in plog/trunk: . class/template
> localetemplates/admin templates/summary
>
> Author: oscar
> Date: 2005-02-24 15:21:56 +0000 (Thu, 24 Feb 2005) New Revision: 1203
>
> Modified:
>    plog/trunk/class/template/template.class.php
>    plog/trunk/locale/locale_en_UK.php
>    plog/trunk/templates/admin/globalsettings_templates.template
>    plog/trunk/templates/summary/pager.template
>    plog/trunk/wizard.php
> Log:
> now php code is not allowed by default in smarty templates. In order to
> reenable this feature, set administration->global settings->template
> settings->allow_php_code_in_templates
> to true.
> A new locale string was needed (help_allow_php_code_in_templates) and  
> the
> wizard has also been modified in order to add this new setting to the
> plog_config table.
>
>
> Modified: plog/trunk/class/template/template.class.php
> ===================================================================
> --- plog/trunk/class/template/template.class.php	2005-02-24 08:17:09
> UTC (rev 1202)
> +++ plog/trunk/class/template/template.class.php	2005-02-24 15:21:56
> UTC (rev 1203)
> @@ -51,6 +51,14 @@
>
>              // enable the security settings
>              $this->php_handling = false;
> +            // code is not allowed in the templates by default, unless
> specified otherwise
> +            /*if( $config->getValue( 'allow_php_code_in_templates',  
> false
> ))
> +            	$this->security = true;
> +            else
> +            	$this->security = false;*/
> +            	
> +            $this->security = (boolean)!$config->getValue(
> 'allow_php_code_in_templates', false );
> +            //$this->security = true;
>
>              // default folders
>              $this->compile_dir  = $config->getValue( 'temp_folder' );
>
> Modified: plog/trunk/locale/locale_en_UK.php
> ===================================================================
> --- plog/trunk/locale/locale_en_UK.php	2005-02-24 08:17:09 UTC (rev  
> 1202)
> +++ plog/trunk/locale/locale_en_UK.php	2005-02-24 15:21:56 UTC (rev  
> 1203)
> @@ -724,6 +724,7 @@
>  $messages['help_template_cache_enabled'] = 'Enable the template  
> cache. If
> enabled, the cached version of a page will be used whenever possible.  
> No
> data will need to be fetched from the database and templates will not  
> need
> to be recompiled';  $messages['help_template_cache_lifetime'] =  
> 'Lifetime in
> seconds of the cache. Set to -1 to force the cache to never expire. If  
> set
> to 0, the cache will be disabled but it is recommended to set
> template_cache_enabled to "No" in order to disable the cache';
> $messages['help_template_http_cache_enabled'] = 'Enable support for  
> HTTP
> conditional requests. If enabled, pLog will take the  
> "If-Modified-Since"
> HTTP header into account and send only content if strictly needed.  
> Enable
> this to save bandwidth';
> +$messages['help_allow_php_code_in_templates'] = 'Allows to embed  
> native
> +PHP code in Smarty templates inside {php}...{/php} blocks';
>  // urls
>  $messages['help_request_format_mode'] = 'Select one of the available  
> URL
> format. If using custom URLs, make sure to configure the settings  
> below';
> $messages['plain'] = 'Plain';
>
> Modified: plog/trunk/templates/admin/globalsettings_templates.template
> ===================================================================
> --- plog/trunk/templates/admin/globalsettings_templates.template
> 2005-02-24 08:17:09 UTC (rev 1202)
> +++ plog/trunk/templates/admin/globalsettings_templates.template
> 2005-02-24 15:21:56 UTC (rev 1203)
> @@ -25,6 +25,13 @@
>      <input class="radio" type="radio"  
> id="config[users_can_add_templates]"
> name="config[users_can_add_templates]" value="1" {if
> $users_can_add_templates == 1 } checked="checked" {/if}
> />{$locale->tr("yes")}
>      <input class="radio" type="radio"  
> id="config[users_can_add_templates]"
> name="config[users_can_add_templates]" value="0" {if
> $users_can_add_templates == 0 } checked="checked" {/if}
> />{$locale->tr("no")}
>     </div>
> +   <!-- allow_php_code_in_templates -->
> +   <div class="field">
> +    <label
> for="config[allow_php_code_in_templates]">allow_php_code_in_templates</ 
> label
>>
> +    <div
> class="formHelp">{$locale->tr("help_allow_php_code_in_templates")}</ 
> div>
> +    <input class="radio" type="radio"
> id="config[allow_php_code_in_templates]"
> name="config[allow_php_code_in_templates]" value="1" {if
> $allow_php_code_in_templates == 1 } checked="checked" {/if}
> />{$locale->tr("yes")}
> +    <input class="radio" type="radio"
> id="config[allow_php_code_in_templates]"
> name="config[allow_php_code_in_templates]" value="0" {if
> $allow_php_code_in_templates == 0 } checked="checked" {/if}
> />{$locale->tr("no")}
> +   </div>
>     <!-- template_compile_check -->
>     <div class="field">
>      <label
> for="config[template_compile_check]">template_compile_check</label>
>
> Modified: plog/trunk/templates/summary/pager.template
> ===================================================================
> --- plog/trunk/templates/summary/pager.template	2005-02-24 08:17:09  
> UTC (rev
> 1202)
> +++ plog/trunk/templates/summary/pager.template	2005-02-24 15:21:56  
> UTC (rev
> 1203)
> @@ -1,4 +1,4 @@
> -{if $style=="list" || style==""}
> +{if $style=="list" || $style==""}
>  	<script type="text/javascript">
>  		{literal}
>  		function onPagerListChange(list)
>
> Modified: plog/trunk/wizard.php
> ===================================================================
> --- plog/trunk/wizard.php	2005-02-24 08:17:09 UTC (rev 1202)
> +++ plog/trunk/wizard.php	2005-02-24 15:21:56 UTC (rev 1203)
> @@ -626,6 +626,7 @@
>  $Inserts[107] = "INSERT INTO {dbprefix}config (config_key,  
> config_value,
> value_type) VALUES('template_http_cache_enabled', '0', 1);";   
> $Inserts[108]
> = "INSERT INTO {dbprefix}config (config_key, config_value, value_type)
> VALUES('template_compile_check', '1', 1);";  $Inserts[109] = "INSERT  
> INTO
> {dbprefix}config (config_key, config_value, value_type)
> VALUES('update_cached_article_reads', '1', 1);";
> +$Inserts[110] = "INSERT INTO {dbprefix}config (config_key,
> +config_value, value_type) VALUES('allow_php_code_in_templates', '0',
> +1);";
>
>
>  	/**
> @@ -1397,7 +1398,7 @@
>              // ---
>              // add the new configuration settings that were added for  
> 1.0
>              // ---
> -            $newSettings = range( 71, 109 );
> +            $newSettings = range( 71, 110 );
>              foreach( $newSettings as $settingId ) {
>                  $setting = $Inserts[$settingId];
>                  $query = str_replace( "{dbprefix}", $this->_dbPrefix,
> $setting );
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.plogworld.net
> http://devel.plogworld.net/mailman/listinfo/plog-svn
>
> _______________________________________________
> pLog-svn mailing list
> pLog-svn at devel.plogworld.net
> http://devel.plogworld.net/mailman/listinfo/plog-svn
>

More information about the pLog-svn mailing list