direktori cari
Smarty模板编译引擎 I.开始 第一章. 什么是Smarty? 第二章. 安装 要求 基本安装 扩展设置 II.模板设计者篇 第三章.基本语法 注释 函数 属性 第四章.变量 从PHP分配的变量 Associative arrays Array indexes Objects 从配置文件读取的变量 {$smarty}保留变量 Request variables {$smarty.now} {$smarty.const} {$smarty.capture} {$smarty.config} {$smarty.section} {$smarty.template} 第五章.变量调节器 capitalize count_characters cat count_paragraphs count_sentences count_words date_format default escape indent lower nl2br regex_replace replace spacify string_format strip strip_tags truncate upper wordwrap 第六章.组合修改器 第七章.内建函数 capture config_load foreach include include_php insert if ldelim literal php section index index_prev index_next iteration first last rownum loop show total strip 第八章.自定义函数 assign counter cycle debug eval fetch html_checkboxes html_image html_options html_radios html_select_date html_select_time html_table math mailto popup_init popup textformat 第九章.配置文件 第十章.调试控制台 III.模板程序员篇 第十一章 常量 SMARTY_DIR 第十二章 变量 $template_dir $compile_dir $config_dir $plugins_dir $debugging $debug_tpl $debugging_ctrl $global_assign $undefined $autoload_filters $compile_check $force_compile $caching $cache_dir $cache_lifetime $cache_handler_func $cache_modified_check $config_overwrite $config_booleanize $config_read_hidden $config_fix_newlines $default_template_handler_func $php_handling $security $secure_dir $security_settings $trusted_dir $left_delimiter $right_delimiter $compiler_class $request_vars_order $compile_id $use_sub_dirs $default_modifiers $default_resource_type 第十三章.方法 append append_by_ref assign assign_by_ref clear_all_assign clear_all_cache clear_assign clear_cache clear_compiled_tpl clear_config config_load display fetch get_config_vars get_registered_object get_template_vars is_cached load_filter register_block register_compiler_function register_function register_modifier register_object register_outputfilter register_postfilter register_prefilter register_resource trigger_error template_exists unregister_block unregister_compiler_function unregister_function unregister_modifier unregister_object unregister_outputfilter unregister_postfilter unregister_prefilter unregister_resource 第十四章.缓存 Setting Up Caching Multiple Caches Per Page Cache Groups Controlling Cacheability of Plugins' Output 第十五章.高级特点 Objects Prefilters Postfilters Output Filters Cache Handler Function Resources Templates from $template_dir Templates from any directory Templates from other sources Default template handler function 第十六章.以插件扩展Smarty How Plugins Work Naming Conventions Writing Plugins Template Functions Modifiers Block Functions Compiler Functions Prefilters/Postfilters Output Filters Resources Inserts Ⅳ.高级特点 第十七章.疑难解答 Smarty/PHP errors 第18章.使用技巧和经验 Blank Variable Handling Default Variable Handling Passing variable title to header template Dates WAP/WML Componentized Templates Obfuscating E-mail Addresses 第十九章. 相关资源 第二十章. 漏洞
watak

$security
安全变量

$security true/false, default is false. Security is good for situations when you have untrusted parties editing the templates (via ftp for example) and you want to reduce the risk of system security compromises through the template language. Turning on security enforces the following rules to the template language, unless specifially overridden with $security_settings:
安全变量要么是真,要么是假.默认为假.当你不信任模板中的可编辑部分(例如通过ftp方式上传编辑的),并想通过模板语言减小系统非安全的风险时,安全变量设为真比较适合.设为真会将下面的规则强加于模板语言中,除非特别地用$security_settings覆盖.

  • If $php_handling is set to SMARTY_PHP_ALLOW, this is implicitly changed to SMARTY_PHP_PASSTHRU
    如果变量$php_handling设为了SMARTY_PHP_ALLOW,则会隐式地被修改成SMARTY_PHP_PASSTHRU

  • PHP functions are not allowed in IF statements, except those specified in the $security_settings
    PHP函数在IF语句中是不允许的,除了在$security_settings中另行指出.

  • templates can only be included from directories listed in the $secure_dir array
    模板仅可以包含于$secure_dir数组列出的目录中.

  • local files can only be fetched from directories listed in the $secure_dir array using {fetch}
    本地文件仅可以用{fetch}获取于$secure_dir数组列出的目录中.

  • {php}{/php} tags are not allowed
    不允许有{php}{/php}标记.

  • PHP functions are not allowed as modifiers, except those specified in the $security_settings
    PHP函数不允许作为修正器,除了在$security_settings中指出.

Artikel sebelumnya: Artikel seterusnya: