$security [安全变量]

优质
小牛编辑
133浏览
2023-12-01

$security true/false, default is false. Security is good for situations when you have untrusted parties editing the templates (via ftp for example) and you want to reduce the risk of system security compromises through the template language. Turning on security enforces the following rules to the template language, unless specifially overridden with $security_settings:
安全变量要么是真,要么是假.默认为假.当你不信任模板中的可编辑部分(例如通过ftp方式上传编辑的),并想通过模板语言减小系统非安全的风险时,安全变量设为真比较适合.设为真会将下面的规则强加于模板语言中,除非特别地用$security_settings覆盖.

  • If $php_handling is set to SMARTY_PHP_ALLOW, this is implicitly changed to SMARTY_PHP_PASSTHRU
    如果变量$php_handling设为了SMARTY_PHP_ALLOW,则会隐式地被修改成SMARTY_PHP_PASSTHRU

  • PHP functions are not allowed in IF statements, except those specified in the $security_settings
    PHP函数在IF语句中是不允许的,除了在$security_settings中另行指出.

  • templates can only be included from directories listed in the $secure_dir array
    模板仅可以包含于$secure_dir数组列出的目录中.

  • local files can only be fetched from directories listed in the $secure_dir array using {fetch}
    本地文件仅可以用{fetch}获取于$secure_dir数组列出的目录中.

  • {php}{/php} tags are not allowed
    不允许有{php}{/php}标记.

  • PHP functions are not allowed as modifiers, except those specified in the $security_settings
    PHP函数不允许作为修正器,除了在$security_settings中指出.