$security

$security

$security true/false, default is false. Security is good for situations when you have untrusted parties editing the templates (via ftp for example) and you want to reduce the risk of system security compromises through the template language. Turning on security enforces the following rules to the template language, unless specifially overridden with $security_settings:

  • If $php_handling is set to SMARTY_PHP_ALLOW, this is implicitly changed to SMARTY_PHP_PASSTHRU

  • PHP functions are not allowed in {if} statements, except those specified in the $security_settings

  • templates can only be included from directories listed in the $secure_dir array

  • local files can only be fetched from directories listed in the $secure_dir array using {fetch}

  • {php}{/php} tags are not allowed

  • PHP functions are not allowed as modifiers, except those specified in the $security_settings

© Copyright 2003-2014 www.php-editors.com. The ultimate PHP Editor and PHP IDE site.