On 06-08-2009 at 22:53:22 Ionut Matei <johnu...@gmail.com> wrote:
If a template contains php code, it gets into the compiled template and
will be executed...
I think a pre-filter can be created for stripping php code, but Is there
a feature or setting in PHPTAL for preventing executing php code placed
inside php tags (e.g. like
Currently there isn't such option. PHPTAL has been designed with
assumption that template authors can be trusted.
With few small changes you can disable <?php ?> blocks in templates and
php: prefix, but I cannot guarantee that there are no other ways to
execute arbitrary PHP in PHPTAL.
PHPTAL mailing list