?
? ????? PHP ??? ???? ??? ?? ??
$security
安全變量
$security true/false, default is false. Security is good for
situations when you have untrusted parties editing the templates
(via ftp for example) and you want to reduce the risk of system
security compromises through the template language. Turning on
security enforces the following rules to the template language,
unless specifially overridden with $security_settings:
安全變量要么是真,要么是假.默認(rèn)為假.當(dāng)你不信任模板中的可編輯部分(例如通過(guò)ftp方式上傳編輯的),并想通過(guò)模板語(yǔ)言減小系統(tǒng)非安全的風(fēng)險(xiǎn)時(shí),安全變量設(shè)為真比較適合.設(shè)為真會(huì)將下面的規(guī)則強(qiáng)加于模板語(yǔ)言中,除非特別地用$security_settings覆蓋.
-
If $php_handling is set to SMARTY_PHP_ALLOW, this is implicitly changed to SMARTY_PHP_PASSTHRU
如果變量$php_handling設(shè)為了SMARTY_PHP_ALLOW,則會(huì)隱式地被修改成SMARTY_PHP_PASSTHRU -
PHP functions are not allowed in IF statements, except those specified in the $security_settings
PHP函數(shù)在IF語(yǔ)句中是不允許的,除了在$security_settings中另行指出. -
templates can only be included from directories listed in the $secure_dir array
模板僅可以包含于$secure_dir數(shù)組列出的目錄中. -
local files can only be fetched from directories listed in the $secure_dir array using {fetch}
本地文件僅可以用{fetch}獲取于$secure_dir數(shù)組列出的目錄中. -
{php}{/php} tags are not allowed
不允許有{php}{/php}標(biāo)記. -
PHP functions are not allowed as modifiers, except those specified in the $security_settings
PHP函數(shù)不允許作為修正器,除了在$security_settings中指出.