* Tim Traver <[EMAIL PROTECTED]> [2004-04-14 09:00:24 -0700]:
<snip>
> Actually, you can use smarty in a way that solves those issues.
Not without putting much code around smarty.
> Simply not include the logic features of smarty in your templates.
But how can I really prevent the one who writes the templates from
using php code ? And THATs one of the biggest security problems for me.
We're offering application services to our customers. The users have
full access to the templates, so they can make their changes themselves.
But therefore its absoluteley necessary that they can't inject any php
code and so compromise the application server.
Smarty simply cannot provide this.
<snip>
> That way, the only thing included in the templates is html, and
> {$variables}.
> Then your web designers don't need to learn anything.
The designer has to learn coding if it gets a little bit more complex.
We've tested it with our designers: they've real difficulties in
understanding imperative process logic (which is trivial for us coders).
Instead they can work very good with simple rule-systems, which just
say "snippet visble or invisible" or "this text for this condition".
A foreach-loop is for them much harder to understand, than simply
a snipped is a list tail.
<snip>
> The problem that you'll find with that, is that it means you will have
> to do more html work in your back end logic to produce the same
> results.
Eh ? Where ?
We're talking about different approaches for templating, not templating
vs. hardcoded text.
We never hardcode output text into applications. Instead we let patTemplate
produce all text output, even for generting config files.
<snip>
> Yes, it is bound to php, and yes, it has to happen on the application
> server that gets the call, but if you're using php as your application
> processing, then why would you need it to be somewhere else.
But such a quite simple and clearly definably job like text template
processing does not necessarily have to be written in php, nor accessing
or relying on php-functions and syntax.
We're currently working on a patTemplate implementation in plain C,
which will then either loaded as an php-extension or an apache filter.
cu
--
---------------------------------------------------------------------
Enrico Weigelt == metux IT services
phone: +49 36207 519931 www: http://www.metux.de/
fax: +49 36207 519932 email: [EMAIL PROTECTED]
cellphone: +49 174 7066481
---------------------------------------------------------------------
-- DSL-Zugang ab 0 Euro. -- statische IP -- UUCP -- Hosting --
---------------------------------------------------------------------
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
