使用Smarty过滤不安全函数

最新推荐文章于 2021-03-27 06:56:06 发布

jaapee

最新推荐文章于 2021-03-27 06:56:06 发布

阅读量580

点赞数

分类专栏： Smarty 文章标签： templates security constants php include tags

本文链接：https://blog.csdn.net/jaapee/article/details/6070327

版权

Smarty 专栏收录该内容

1 篇文章 0 订阅

订阅专栏

下面是Smarty.class.php的片段程序

/** * This enables template security. When enabled, many things are restricted * in the templates that normally would go unchecked. This is useful when * untrusted parties are editing templates and you want a reasonable level * of security. (no direct execution of PHP in templates for example) * * @var boolean */ var $security = false; /** * These are the security settings for Smarty. They are used only when * {@link $security} is enabled. * * @var array */ var $security_settings = array( 'PHP_HANDLING' => false, 'IF_FUNCS' => array('array', 'list', 'isset', 'empty', 'count', 'sizeof', 'in_array', 'is_array', 'true', 'false', 'null'), 'INCLUDE_ANY' => false, 'PHP_TAGS' => false, 'MODIFIER_FUNCS' => array('count'), 'ALLOW_CONSTANTS' => false, 'ALLOW_SUPER_GLOBALS' => true );

注释里面就说得很清楚了^_^