well, yes, "don't do it" is one approach but we will have a large number of people with the ability to edit these templates and we intended them to be pretty idiot-proof (which allowing embedded php is not).
A pre-filter sounds like a good idea. TBH, we were rather surprised because what's the point in the php: functionality if you can just embed php? Robert ---- Robert Goldsmith rgoldsm...@names.co.uk On 18 May 2012, at 14:10, ajcri...@gmail.com wrote: > Don't do it? > > You can create a pre-filter that strips those from the source > ------Original Message------ > From: Robert Goldsmith > Sender: phptal-boun...@lists.motion-twin.com > To: Template Attribute Language for PHP > ReplyTo: Template Attribute Language for PHP > Subject: [PHPTAL] PHP content in templates > Sent: May 18, 2012 09:07 > > Hello :) > > We've noticed you can just drop <?php php-code ?> in a tal template and it > will drop it in the compiled template file and execute it. This is not > something we want to happen so any suggestions on the best way to prevent it? > > Robert > ---- > Robert Goldsmith > rgoldsm...@names.co.uk > > > > > > _______________________________________________ > PHPTAL mailing list > PHPTAL@lists.motion-twin.com > http://lists.motion-twin.com/mailman/listinfo/phptal > > Sent via BlackBerry by AT&T > > _______________________________________________ > PHPTAL mailing list > PHPTAL@lists.motion-twin.com > http://lists.motion-twin.com/mailman/listinfo/phptal _______________________________________________ PHPTAL mailing list PHPTAL@lists.motion-twin.com http://lists.motion-twin.com/mailman/listinfo/phptal
