如何在模板视图中禁用 php 引擎
我使用模板解析器类来呈现我的视图。因为视图对于某些用户来说是可编辑的,所以我需要在视图中禁用 php 解释器。
有什么方法可以做到呢?
问候!
编辑:
- 我在views目录中添加了.htaccess文件:
AddType text/plain .php
- 我扩展了CI_Loader,替换了_ci_load()函数中的php开始标记(在php标记之前添加了斜杠)。
现在 php 无法在视图中运行。
I use template parser class to render my views. Because views are editable for some users I need disable php interpreter in views.
What is way to do it?
Regards!
EDIT:
- I added .htaccess file in views directory:
AddType text/plain .php
- I extended CI_Loader replacing php begin mark (added slashes before php mark) in _ci_load() function.
Now php is not working in views.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
(假设您使用的是 Apache)
您可以使用 .tpl 扩展名保存文件,并将类似...
...的内容添加到您的 Apache httpd.conf 文件(或可能是 .htaccess)中。
当然,如果人们愿意的话,它不会阻止人们在模板中添加 PHP 代码,但这应该意味着如果在 Web 服务器上查看文件,则不会解释该代码;然而,这使得在这些文件中输入的任何原始 PHP 代码都可以纯文本形式提供给任何找到 URI (www.yoursite.ext/templates/a_template.tpl) 的人 - 如果由于某种不明原因它有类似的内容,这可能会非常糟糕那里有
define('DB_PASSWORD', "DBP@55w0rd");(好吧,这会是非常错误的,但你明白了)。更好的解决方案是将tpl文件存储在网络树之外,或者存储在受.htaccess
拒绝所有保护的文件夹内 -您的 PHP 脚本仍然能够将它们拉入但是任何人都无法通过 http 直接访问它们,因此视图中的任何 PHP 永远不会被解释,因为它永远无法访问。或者,如果您对视图引擎很灵活,请查看 PHPTAL : http://phptal.org/
(assuming you're using Apache)
You could save the files with .tpl extensions and add something like...
... to your Apache httpd.conf file (or .htaccess probably).
It won't of course prevent people from adding PHP code in the template if they feel like it but it should mean that that code won't be interpreted if the files are viewed on the web-server; however that leaves any raw PHP code entered in those files available in plain text to anyone who finds the URI (www.yoursite.ext/templates/a_template.tpl) - which could be very bad if, for some obscure reason it's got something like
define('DB_PASSWORD', "DBP@55w0rd");in there (OK that would be very wrong but you get the point).A better solution would be to store the tpl files outside the web-tree, or inside a folder protected with an .htaccess
Deny from all- your PHP scripts will still be able to pull them in but they'll not be accessible directly to anyone over http, so any PHP inside your views will never be interpreted as it'll never be accessible.Alternatively, if you're flexible on your view engine, take a look at PHPTAL : http://phptal.org/
我不明白你的问题。
你的解析器能识别模板中的 PHP 吗?如果是这样 - 禁用有何帮助?如果没有 - PHP 对你的模板做了什么?他们有 .php 扩展名吗?
I don't understand your problem.
Does your parser recognize PHP in templates? if so - how disabling will help? If no - what does PHP do with your templates at all? Do they have .php extension?