[pLog-svn] r1203 - in plog/trunk: . class/template localetemplates/admin templates/summary

Oscar Renalias oscar at renalias.net
Sat Feb 26 22:34:31 GMT 2005


yep, that fixed it. I decided to test this myself and indeed it did not  
work. But adding a

$this->secure_dir = Array( "./templates/admin" );

to Template::Template() did the trick and now everything works as  
expected :-)

Oscar

On 26 Feb 2005, at 19:44, Oscar Renalias wrote:

> What plugins are not working well? What was the error message?
>
> We might need to define a set of "trusted" folders where it is safe  
> for smarty to load templates. Look at this attribute of the Smarty  
> class: http://smarty.php.net/manual/en/variable.secure.dir.php
>
> Oscar
>
> On 26 Feb 2005, at 18:14, Mark Wu wrote:
>
>> Wow, I just see the impact by this patch, some plugins can not work  
>> well,
>> unless I turn on this option. :(
>>
>> So, is it only restricted to {php}{/php}, or does it also include  
>> {literal}{/literal} or
>> others? Like {include ..}
>>
>> Mark
>>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.plogworld.net
>> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of
>> oscar at devel.plogworld.net
>> Sent: Thursday, February 24, 2005 11:22 PM
>> To: plog-svn at devel.plogworld.net
>> Subject: [pLog-svn] r1203 - in plog/trunk: . class/template
>> localetemplates/admin templates/summary
>>
>> Author: oscar
>> Date: 2005-02-24 15:21:56 +0000 (Thu, 24 Feb 2005) New Revision: 1203
>>
>> Modified:
>>    plog/trunk/class/template/template.class.php
>>    plog/trunk/locale/locale_en_UK.php
>>    plog/trunk/templates/admin/globalsettings_templates.template
>>    plog/trunk/templates/summary/pager.template
>>    plog/trunk/wizard.php
>> Log:
>> now php code is not allowed by default in smarty templates. In order  
>> to
>> reenable this feature, set administration->global settings->template
>> settings->allow_php_code_in_templates
>> to true.
>> A new locale string was needed (help_allow_php_code_in_templates) and  
>> the
>> wizard has also been modified in order to add this new setting to the
>> plog_config table.
>>
>>
>> Modified: plog/trunk/class/template/template.class.php
>> ===================================================================
>> --- plog/trunk/class/template/template.class.php	2005-02-24 08:17:09
>> UTC (rev 1202)
>> +++ plog/trunk/class/template/template.class.php	2005-02-24 15:21:56
>> UTC (rev 1203)
>> @@ -51,6 +51,14 @@
>>
>>              // enable the security settings
>>              $this->php_handling = false;
>> +            // code is not allowed in the templates by default,  
>> unless
>> specified otherwise
>> +            /*if( $config->getValue( 'allow_php_code_in_templates',  
>> false
>> ))
>> +            	$this->security = true;
>> +            else
>> +            	$this->security = false;*/
>> +            	
>> +            $this->security = (boolean)!$config->getValue(
>> 'allow_php_code_in_templates', false );
>> +            //$this->security = true;
>>
>>              // default folders
>>              $this->compile_dir  = $config->getValue( 'temp_folder' );
>>
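
Review bot: The added assignment $this->security = (boolean)!$config->getValue( 'allow_php_code_in_templates', false ) puts the whole of Smarty's security mode behind a setting that is named and documented as being about PHP code only. The replies in this thread show the side effect: plugins stopped working until secure_dir was set to ./templates/admin in Template::Template(). Consider setting secure_dir in this same change so that the default (security on) works out of the box. The commented-out if/else above the assignment has its branches the wrong way round compared with the live line (it would turn security on when PHP code is allowed); it and the trailing //$this->security = true; should be deleted rather than committed.
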
>> Modified: plog/trunk/locale/locale_en_UK.php
>> ===================================================================
>> --- plog/trunk/locale/locale_en_UK.php	2005-02-24 08:17:09 UTC (rev  
>> 1202)
>> +++ plog/trunk/locale/locale_en_UK.php	2005-02-24 15:21:56 UTC (rev  
>> 1203)
>> @@ -724,6 +724,7 @@
>>  $messages['help_template_cache_enabled'] = 'Enable the template  
>> cache. If
>> enabled, the cached version of a page will be used whenever possible.  
>> No
>> data will need to be fetched from the database and templates will not  
>> need
>> to be recompiled';  $messages['help_template_cache_lifetime'] =  
>> 'Lifetime in
>> seconds of the cache. Set to -1 to force the cache to never expire.  
>> If set
>> to 0, the cache will be disabled but it is recommended to set
>> template_cache_enabled to "No" in order to disable the cache';
>> $messages['help_template_http_cache_enabled'] = 'Enable support for  
>> HTTP
>> conditional requests. If enabled, pLog will take the  
>> "If-Modified-Since"
>> HTTP header into account and send only content if strictly needed.  
>> Enable
>> this to save bandwidth';
>> +$messages['help_allow_php_code_in_templates'] = 'Allows to embed  
>> native
>> +PHP code in Smarty templates inside {php}...{/php} blocks';
>>  // urls
>>  $messages['help_request_format_mode'] = 'Select one of the available  
>> URL
>> format. If using custom URLs, make sure to configure the settings  
>> below';
>> $messages['plain'] = 'Plain';
>>
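
Review bot: The new help_allow_php_code_in_templates string is added only to locale_en_UK.php; no other locale file appears in this revision's Modified list, so other locales will have no text for this key. The wording 'Allows to embed native PHP code' would read better as 'Allows native PHP code to be embedded', and since the setting is off by default, the help text could also say that turning it on lets template code run PHP on the server.
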
>> Modified: plog/trunk/templates/admin/globalsettings_templates.template
>> ===================================================================
>> --- plog/trunk/templates/admin/globalsettings_templates.template
>> 2005-02-24 08:17:09 UTC (rev 1202)
>> +++ plog/trunk/templates/admin/globalsettings_templates.template
>> 2005-02-24 15:21:56 UTC (rev 1203)
>> @@ -25,6 +25,13 @@
>>      <input class="radio" type="radio"  
>> id="config[users_can_add_templates]"
>> name="config[users_can_add_templates]" value="1" {if
>> $users_can_add_templates == 1 } checked="checked" {/if}
>> />{$locale->tr("yes")}
>>      <input class="radio" type="radio"  
>> id="config[users_can_add_templates]"
>> name="config[users_can_add_templates]" value="0" {if
>> $users_can_add_templates == 0 } checked="checked" {/if}
>> />{$locale->tr("no")}
>>     </div>
>> +   <!-- allow_php_code_in_templates -->
>> +   <div class="field">
>> +    <label
>> for="config[allow_php_code_in_templates]">allow_php_code_in_templates< 
>> /label
>>>
>> +    <div
>> class="formHelp">{$locale->tr("help_allow_php_code_in_templates")}</ 
>> div>
>> +    <input class="radio" type="radio"
>> id="config[allow_php_code_in_templates]"
>> name="config[allow_php_code_in_templates]" value="1" {if
>> $allow_php_code_in_templates == 1 } checked="checked" {/if}
>> />{$locale->tr("yes")}
>> +    <input class="radio" type="radio"
>> id="config[allow_php_code_in_templates]"
>> name="config[allow_php_code_in_templates]" value="0" {if
>> $allow_php_code_in_templates == 0 } checked="checked" {/if}
>> />{$locale->tr("no")}
>> +   </div>
>>     <!-- template_compile_check -->
>>     <div class="field">
>>      <label
>> for="config[template_compile_check]">template_compile_check</label>
>>
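
Review bot: Both added radio inputs use the same id, config[allow_php_code_in_templates], so the id is duplicated within the page and the label's for attribute can only refer to the first of them. This copies the users_can_add_templates field just above, so it is consistent with the file, but distinct ids for the yes and no inputs would be valid markup and could be done here or as a follow-up for all fields.
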
>> Modified: plog/trunk/templates/summary/pager.template
>> ===================================================================
>> --- plog/trunk/templates/summary/pager.template	2005-02-24 08:17:09  
>> UTC (rev
>> 1202)
>> +++ plog/trunk/templates/summary/pager.template	2005-02-24 15:21:56  
>> UTC (rev
>> 1203)
>> @@ -1,4 +1,4 @@
>> -{if $style=="list" || style==""}
>> +{if $style=="list" || $style==""}
>>  	<script type="text/javascript">
>>  		{literal}
>>  		function onPagerListChange(list)
>>
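
Review bot: The $style fix on the first line of pager.template is correct, but it is unrelated to the PHP-in-templates setting and is not mentioned in the log message. It would be easier to track as its own commit, or at least with its own line in the log.
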
>> Modified: plog/trunk/wizard.php
>> ===================================================================
>> --- plog/trunk/wizard.php	2005-02-24 08:17:09 UTC (rev 1202)
>> +++ plog/trunk/wizard.php	2005-02-24 15:21:56 UTC (rev 1203)
>> @@ -626,6 +626,7 @@
>>  $Inserts[107] = "INSERT INTO {dbprefix}config (config_key,  
>> config_value,
>> value_type) VALUES('template_http_cache_enabled', '0', 1);";   
>> $Inserts[108]
>> = "INSERT INTO {dbprefix}config (config_key, config_value, value_type)
>> VALUES('template_compile_check', '1', 1);";  $Inserts[109] = "INSERT  
>> INTO
>> {dbprefix}config (config_key, config_value, value_type)
>> VALUES('update_cached_article_reads', '1', 1);";
>> +$Inserts[110] = "INSERT INTO {dbprefix}config (config_key,
>> +config_value, value_type) VALUES('allow_php_code_in_templates', '0',
>> +1);";
>>
>>
>>  	/**
>> @@ -1397,7 +1398,7 @@
>>              // ---
>>              // add the new configuration settings that were added  
>> for 1.0
>>              // ---
>> -            $newSettings = range( 71, 109 );
>> +            $newSettings = range( 71, 110 );
>>              foreach( $newSettings as $settingId ) {
>>                  $setting = $Inserts[$settingId];
>>                  $query = str_replace( "{dbprefix}", $this->_dbPrefix,
>> $setting );
>>
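
Review bot: The upper bound in range( 71, 110 ) has to be bumped by hand every time an entry is added to $Inserts, and a missed bump leaves the new setting out of upgraded installs. Deriving the bound from the array, or keeping the settings added for 1.0 in their own array, would remove that coupling. With this range, upgraded sites also receive allow_php_code_in_templates = '0', so existing templates that use {php} blocks stop working after the upgrade; that deserves a line in the upgrade notes.
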
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.plogworld.net
>> http://devel.plogworld.net/mailman/listinfo/plog-svn
>>