well, yes, "don't do it" is one approach but we will have a large number of people with the ability to edit these templates and we intended them to be pretty idiot-proof (which allowing embedded php is not).
A pre-filter sounds like a good idea. TBH, we were rather surprised because what's the point in the php: functionality if you can just embed php? Robert ---- Robert Goldsmith [email protected] On 18 May 2012, at 14:10, [email protected] wrote: > Don't do it? > > You can create a pre-filter that strips those from the source > ------Original Message------ > From: Robert Goldsmith > Sender: [email protected] > To: Template Attribute Language for PHP > ReplyTo: Template Attribute Language for PHP > Subject: [PHPTAL] PHP content in templates > Sent: May 18, 2012 09:07 > > Hello :) > > We've noticed you can just drop <?php php-code ?> in a tal template and it > will drop it in the compiled template file and execute it. This is not > something we want to happen so any suggestions on the best way to prevent it? > > Robert > ---- > Robert Goldsmith > [email protected] > > > > > > _______________________________________________ > PHPTAL mailing list > [email protected] > http://lists.motion-twin.com/mailman/listinfo/phptal > > Sent via BlackBerry by AT&T > > _______________________________________________ > PHPTAL mailing list > [email protected] > http://lists.motion-twin.com/mailman/listinfo/phptal _______________________________________________ PHPTAL mailing list [email protected] http://lists.motion-twin.com/mailman/listinfo/phptal
