If you really want to change the extension, you have to create your own
view class. Something like this should work:
/app/views/app.php
------------------------------------------------------
class AppView extends View
{
var $ext = '.php';
}
/app/app_controller.php
------------------------------------------------------
class AppController extends Controller
{
var $view = 'App';
}
I haven't tested it, but the code above should give you an idea about
how easy this change would be ; ). I agree that it can be frustrating
with some editors to teach them new extensions. However, I'm not sure if
you are going to gain more security by changing the extensions. Here is why:
* If your files are named .ctp and mod_rewrite fails, an attacker
could potentially view your view files source code. Now since your
view files should normally not contain passwords, or other things
that should be not that big a deal (it's like if somebody views
the HTML source in the browser, just server side).
* If your files are named PHP and your mod_rewrite fails, a mistake
in your server configuration (register globals turned on) could
potentially lead XSS attacks. If you however also have file
read/write commands in there (you really shouldn't!), it would
also allow to modify data on your server.
To me scenario #2 is worse then #1. But maybe others have different
opinions on the topic.
-- Felix Geisendörfer aka the_undefined
--------------------------
http://www.thinkingphp.org
http://www.fg-webdesign.de
[EMAIL PROTECTED] wrote:
> Hy all,
>
> I crawled throught this group searching for endless need to configure
> every app used for editing cackephp templates for syntax higlighting.
>
> Big annoyance of cakephp (or any app with same aproach). Why let all
> the world change their settings if one could sipmly let the templates
> be with php extension and also automatically protect them from public
> acces if something happens with webserver etc? Afterall it's just a
> file that's included in templating process and the extension has no
> meaning what so ever as it can contain any kind of text informatin.
>
> It's the same thing again that was with *.inc files and all the users
> who write their pw -s into some files with absurd extensions :) and
> got f**ked if anything in security line went wrong.
>
> So put yourself in a project manager position: 60 designers, coders
> aso to change their user habits :) not a good thing and easy task for
> project manager to explain (+ new workers). The integration of
> cackephp would be a lot easier if this extension was php or html or
> whatever default value for tons of editors recognise without a change
> in settings.
>
> I understand it's so cool but for my point of view it's just another
> unneccecary task for managers, developers, designers and server admins
> who have to secure those files.
>
> So someone has a clue how to manually change this .ctp -> .php in
> local cakephp install?
>
> 1 task with change&replace in all files vs 60+ tasks is a huge leap to
> better usability.
>
>
> >
>
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Cake
PHP" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/cake-php?hl=en
-~----------~----~----~----~------~----~------~--~---
