[pLog-svn] r1203 - in plog/trunk: . class/template
locale templates/admin templates/summary
Oscar Renalias
oscar at renalias.net
Sat Feb 26 22:34:31 GMT 2005
yep, that fixed it. I decided to test this myself and indeed it did not
work. But adding a
$this->secure_dir = Array( "./templates/admin" );
to Template::Template() did the trick and now everything works as
expected :-)
Oscar
On 26 Feb 2005, at 19:44, Oscar Renalias wrote:
> What plugins are not working well? What was the error message?
>
> We might need to define a set of "trusted" folders where it is safe
> for smarty to load templates. Look at this attribute of the Smarty
> class: http://smarty.php.net/manual/en/variable.secure.dir.php
>
> Oscar
>
> On 26 Feb 2005, at 18:14, Mark Wu wrote:
>
>> Wow, I just saw the impact of this patch; some plugins cannot work
>> well
>> unless I turn on this option. :(
>>
>> So, is it only restricted to {php}{/php}, or does it also include
>> {literal}{/literal} or
>> others? Like {include ..}
>>
>> Mark
>>
>> -----Original Message-----
>> From: plog-svn-bounces at devel.plogworld.net
>> [mailto:plog-svn-bounces at devel.plogworld.net] On Behalf Of
>> oscar at devel.plogworld.net
>> Sent: Thursday, February 24, 2005 11:22 PM
>> To: plog-svn at devel.plogworld.net
>> Subject: [pLog-svn] r1203 - in plog/trunk: . class/template
>> locale templates/admin templates/summary
>>
>> Author: oscar
>> Date: 2005-02-24 15:21:56 +0000 (Thu, 24 Feb 2005) New Revision: 1203
>>
>> Modified:
>> plog/trunk/class/template/template.class.php
>> plog/trunk/locale/locale_en_UK.php
>> plog/trunk/templates/admin/globalsettings_templates.template
>> plog/trunk/templates/summary/pager.template
>> plog/trunk/wizard.php
>> Log:
>> now php code is not allowed by default in smarty templates. In order
>> to
>> reenable this feature, set administration->global settings->template
>> settings->allow_php_code_in_templates
>> to true.
>> A new locale string was needed (help_allow_php_code_in_templates) and
>> the
>> wizard has also been modified in order to add this new setting to the
>> plog_config table.
>>
>>
>> Modified: plog/trunk/class/template/template.class.php
>> ===================================================================
>> --- plog/trunk/class/template/template.class.php 2005-02-24 08:17:09
>> UTC (rev 1202)
>> +++ plog/trunk/class/template/template.class.php 2005-02-24 15:21:56
>> UTC (rev 1203)
>> @@ -51,6 +51,14 @@
>>
>> // enable the security settings
>> $this->php_handling = false;
>> + // code is not allowed in the templates by default,
>> unless
>> specified otherwise
>> + /*if( $config->getValue( 'allow_php_code_in_templates',
>> false
>> ))
>> + $this->security = true;
>> + else
>> + $this->security = false;*/
>> +
>> + $this->security = (boolean)!$config->getValue(
>> 'allow_php_code_in_templates', false );
>> + //$this->security = true;
>>
>> // default folders
>> $this->compile_dir = $config->getValue( 'temp_folder' );
>>
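Review bot: The new `$this->security = (boolean)!$config->getValue( ... )`
line ties the whole Smarty `$security` switch to a setting that is named
and documented for {php} blocks only, and the hunk sets no `secure_dir`
next to it, which is what the follow-up at the top of this thread had to
add to Template::Template() before everything worked again. Set the
trusted template folders here together with the flag. The commented-out
if/else should also go rather than be committed: its branches are
inverted relative to the live line, and the trailing
`//$this->security = true;` is debugging residue.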
>> Modified: plog/trunk/locale/locale_en_UK.php
>> ===================================================================
>> --- plog/trunk/locale/locale_en_UK.php 2005-02-24 08:17:09 UTC (rev
>> 1202)
>> +++ plog/trunk/locale/locale_en_UK.php 2005-02-24 15:21:56 UTC (rev
>> 1203)
>> @@ -724,6 +724,7 @@
>> $messages['help_template_cache_enabled'] = 'Enable the template
>> cache. If
>> enabled, the cached version of a page will be used whenever possible.
>> No
>> data will need to be fetched from the database and templates will not
>> need
>> to be recompiled'; $messages['help_template_cache_lifetime'] =
>> 'Lifetime in
>> seconds of the cache. Set to -1 to force the cache to never expire.
>> If set
>> to 0, the cache will be disabled but it is recommended to set
>> template_cache_enabled to "No" in order to disable the cache';
>> $messages['help_template_http_cache_enabled'] = 'Enable support for
>> HTTP
>> conditional requests. If enabled, pLog will take the
>> "If-Modified-Since"
>> HTTP header into account and send only content if strictly needed.
>> Enable
>> this to save bandwidth';
>> +$messages['help_allow_php_code_in_templates'] = 'Allows to embed
>> native
>> +PHP code in Smarty templates inside {php}...{/php} blocks';
>> // urls
>> $messages['help_request_format_mode'] = 'Select one of the available
>> URL
>> format. If using custom URLs, make sure to configure the settings
>> below';
>> $messages['plain'] = 'Plain';
>>
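Review bot: The `help_allow_php_code_in_templates` string presents the
option as a convenience and does not say that turning it on lets anyone
who can edit or upload a template run PHP on the server. Put that in the
help text, since it is what the admin reads when deciding. "Allows to
embed" would also read better as "Allows embedding".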
>> Modified: plog/trunk/templates/admin/globalsettings_templates.template
>> ===================================================================
>> --- plog/trunk/templates/admin/globalsettings_templates.template
>> 2005-02-24 08:17:09 UTC (rev 1202)
>> +++ plog/trunk/templates/admin/globalsettings_templates.template
>> 2005-02-24 15:21:56 UTC (rev 1203)
>> @@ -25,6 +25,13 @@
>> <input class="radio" type="radio"
>> id="config[users_can_add_templates]"
>> name="config[users_can_add_templates]" value="1" {if
>> $users_can_add_templates == 1 } checked="checked" {/if}
>> />{$locale->tr("yes")}
>> <input class="radio" type="radio"
>> id="config[users_can_add_templates]"
>> name="config[users_can_add_templates]" value="0" {if
>> $users_can_add_templates == 0 } checked="checked" {/if}
>> />{$locale->tr("no")}
>> </div>
>> + <!-- allow_php_code_in_templates -->
>> + <div class="field">
>> + <label
>> for="config[allow_php_code_in_templates]">allow_php_code_in_templates<
>> /label
>>>
>> + <div
>> class="formHelp">{$locale->tr("help_allow_php_code_in_templates")}</
>> div>
>> + <input class="radio" type="radio"
>> id="config[allow_php_code_in_templates]"
>> name="config[allow_php_code_in_templates]" value="1" {if
>> $allow_php_code_in_templates == 1 } checked="checked" {/if}
>> />{$locale->tr("yes")}
>> + <input class="radio" type="radio"
>> id="config[allow_php_code_in_templates]"
>> name="config[allow_php_code_in_templates]" value="0" {if
>> $allow_php_code_in_templates == 0 } checked="checked" {/if}
>> />{$locale->tr("no")}
>> + </div>
>> <!-- template_compile_check -->
>> <div class="field">
>> <label
>> for="config[template_compile_check]">template_compile_check</label>
>>
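Review bot: The new `allow_php_code_in_templates` field sits directly
under `users_can_add_templates` with no hint that the two interact: with
both set to yes, any user who can add a template can run PHP. Consider a
warning in the form, or refusing that combination when the settings are
saved. Both radio inputs also reuse the same `id`, so the `label for` can
only point at the first one; this copies the block above it, but distinct
ids would be cleaner.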
>> Modified: plog/trunk/templates/summary/pager.template
>> ===================================================================
>> --- plog/trunk/templates/summary/pager.template 2005-02-24 08:17:09
>> UTC (rev
>> 1202)
>> +++ plog/trunk/templates/summary/pager.template 2005-02-24 15:21:56
>> UTC (rev
>> 1203)
>> @@ -1,4 +1,4 @@
>> -{if $style=="list" || style==""}
>> +{if $style=="list" || $style==""}
>> <script type="text/javascript">
>> {literal}
>> function onPagerListChange(list)
>>
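Review bot: The `style==""` to `$style==""` correction on the first line
of pager.template is unrelated to the template security setting and is
not mentioned in the log message. Mention it in the log or commit it
separately so the fix can be found later.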
>> Modified: plog/trunk/wizard.php
>> ===================================================================
>> --- plog/trunk/wizard.php 2005-02-24 08:17:09 UTC (rev 1202)
>> +++ plog/trunk/wizard.php 2005-02-24 15:21:56 UTC (rev 1203)
>> @@ -626,6 +626,7 @@
>> $Inserts[107] = "INSERT INTO {dbprefix}config (config_key,
>> config_value,
>> value_type) VALUES('template_http_cache_enabled', '0', 1);";
>> $Inserts[108]
>> = "INSERT INTO {dbprefix}config (config_key, config_value, value_type)
>> VALUES('template_compile_check', '1', 1);"; $Inserts[109] = "INSERT
>> INTO
>> {dbprefix}config (config_key, config_value, value_type)
>> VALUES('update_cached_article_reads', '1', 1);";
>> +$Inserts[110] = "INSERT INTO {dbprefix}config (config_key,
>> +config_value, value_type) VALUES('allow_php_code_in_templates', '0',
>> +1);";
>>
>>
>> /**
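Review bot: `$Inserts[110]` carries a hand-assigned index that the
upgrade code has to match by number (`range( 71, 110 )` later in this
file), so a new setting is skipped on upgrade if only one of the two
places is edited. A comment at the insert pointing to the range, or
deriving the end of the range from the array, would remove that trap.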
>> @@ -1397,7 +1398,7 @@
>> // ---
>> // add the new configuration settings that were added
>> for 1.0
>> // ---
>> - $newSettings = range( 71, 109 );
>> + $newSettings = range( 71, 110 );
>> foreach( $newSettings as $settingId ) {
>> $setting = $Inserts[$settingId];
>> $query = str_replace( "{dbprefix}", $this->_dbPrefix,
>> $setting );
>>
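Review bot: With the range extended to 110, upgraded sites get
`allow_php_code_in_templates` inserted as '0', so existing templates that
use {php} blocks are no longer allowed after the upgrade, and nothing in
this block tells the admin. Add an upgrade note, or a message in the
wizard output, saying that the option now has to be enabled explicitly.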
>> _______________________________________________
>> pLog-svn mailing list
>> pLog-svn at devel.plogworld.net
>> http://devel.plogworld.net/mailman/listinfo/plog-svn