Ionut Matei <johnu...@...> writes:

> If a template contains php code, it gets into the compiled template and will
> be executed... I think a pre-filter can be created for stripping php code, but
> is there a feature or setting in PHPTAL for preventing executing php code
> placed inside php tags (e.g. like $php_handling in smarty)? Thanks.

Hi,

  My solution was to modify the XML parser to add this support.


In XmlParser.php

1. Disable ST_PREPROC
  comment out $builder->onProcessingInstruction(substr($src, $mark, $i-$mark+1));

2. Remove any language attribute with the value of php in a script tag
                case self::ST_ATTR_QUOTE:
                    if ($c === $quoteStyle) {
                        $value = $this->sanitizeEscapedText(substr($src, $mark, $i-$mark));
                        if (!(strtolower($tagname) == 'script' && strtolower($attribute) == 'language' && strtolower($value) == 'php'))
                            $attributes[$attribute] = $value;

3. Filter CDATA and comments through a removePHP function
$builder->onCDATASection($this->removePHP(substr($src, $mark, $i-$mark-2)));
$builder->onComment($this->removePHP(substr($src, $mark, $i-$mark+1)));

    private function removePHP($source)
    {
        if (preg_match_all('/(<\?(php|=)?|\?>|language\s*=\s*["\']?php["\']?)/is', $source, $matches)) {
            $matches[1] = array_unique($matches[1]);

            foreach ($matches[1] as $key => $value) {
                $source = str_replace($value, '', $source);
            }
        }
        return $source;
    }

The other way to handle the comment and CDATA would be to encapsulate them in a
php echo statement:

<?echo <<<NOPHPALLOWED
...CDATA OR COMMENTS...
NOPHPALLOWED;
?>

Or you could add a pre-filter like so:

class removePHP implements PHPTAL_Filter {
    public function filter($source) {
        if (preg_match_all('/(<\?(php|=)?|\?>|language\s*=\s*["\']?php["\']?)/is', $source, $matches)) {
            $matches[1] = array_unique($matches[1]);

            foreach ($matches[1] as $key => $value) {
                $source = str_replace($value, '', $source);
            }
        }
        return $source;
    }
}



_______________________________________________
PHPTAL mailing list
PHPTAL@lists.motion-twin.com
http://lists.motion-twin.com/mailman/listinfo/phptal
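
The pre-filter in the message above deletes each matched token in a single pass, and deleting a token can join the text on either side of it into a new opening or closing PHP tag. The following is an added example, not part of the original post and not PHPTAL code: a variant that repeats the removal until nothing matches. The class name StripPhpFixedPoint and the sample strings are constructed for illustration, and the interface stub exists only so the file runs without PHPTAL installed.

```php
<?php
// Added example, not PHPTAL code. The stub only lets this file run without
// PHPTAL installed; when PHPTAL is loaded its real interface is used.
if (!interface_exists('PHPTAL_Filter')) {
    interface PHPTAL_Filter { public function filter($str); }
}

// Hypothetical class name; the pattern matches the same tokens as the post's.
class StripPhpFixedPoint implements PHPTAL_Filter
{
    const PATTERN = '/<\?(?:php|=)?|\?>|language\s*=\s*["\']?php["\']?/is';

    public function filter($source)
    {
        // Deleting a token can splice its neighbours into a new token,
        // so repeat until a pass removes nothing.
        do {
            $source = preg_replace(self::PATTERN, '', $source, -1, $count);
            if ($source === null) {
                throw new RuntimeException('PCRE error ' . preg_last_error());
            }
        } while ($count > 0);
        return $source;
    }
}

// Constructed sample inputs; the last one nests fragments around each token.
$samples = array(
    '<p>ok</p><?php echo 1; ?>',
    '<script language="php">echo 1;</script>',
    '<<?php?php echo 1; ??>>',
);

$filter = new StripPhpFixedPoint();
foreach ($samples as $in) {
    $out = $filter->filter($in);
    // Self-check: nothing the pattern recognises may survive the filter.
    $clean = preg_match(StripPhpFixedPoint::PATTERN, $out) === 0;
    printf("%-45s => %-30s %s\n", $in, $out, $clean ? 'clean' : 'STILL MATCHES');
}

// With PHPTAL: $tpl->setPreFilter(new StripPhpFixedPoint());
```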
