b19d6137fb
Will now compile vastly better! Please read change_log.txt and NEW_FEATURES.txt We may want to use some of these new features in 2.1, which briefly are about: Namespace support within templates, Security, Compiled Templates, Debugging
86 lines
3.8 KiB
Plaintext
86 lines
3.8 KiB
Plaintext
|
|
|
|
This file contains a brief description of new features which have been added to Smarty 3.1
|
|
|
|
Smarty 3.1.22
|
|
|
|
Namespace support within templates
|
|
==================================
|
|
Within templates you can now use namespace specifications on:
|
|
- Constants like foo\bar\FOO
|
|
- Class names like foo\bar\Baz::FOO, foo\bar\Baz::$foo, foo\bar\Baz::foo()
|
|
- PHP function names like foo\bar\baz()
|
|
|
|
Security
|
|
========
|
|
- disable special $smarty variable -
|
|
The Smarty_Security class has the new property $disabled_special_smarty_vars.
|
|
It's an array which can be loaded with the $smarty special variable names like
|
|
'template_object', 'template', 'current_dir' and others which will be disabled.
|
|
Note: That this security check is performed at compile time.
|
|
|
|
- limit template nesting -
|
|
Property $max_template_nesting of Smarty_Security does set the maximum template nesting level.
|
|
The main template is level 1. The nesting level is checked at run time. When the maximum will be exceeded
|
|
an Exception will be thrown. The default setting is 0 which does disable this check.
|
|
|
|
- trusted static methods -
|
|
The Smarty_Security class has the new property $trusted_static_methods to restrict access to static methods.
|
|
It's an nested array of trusted class and method names.
|
|
Format:
|
|
array (
|
|
'class_1' => array('method_1', 'method_2'), // allowed methods
|
|
'class_2' => array(), // all methods of class allowed
|
|
)
|
|
To disable access for all methods of all classes set $trusted_static_methods = null;
|
|
The default value is an empty array() which does enables all methods of all classes, but for backward compatibility
|
|
the setting of $static_classes will be checked.
|
|
Note: That this security check is performed at compile time.
|
|
|
|
- trusted static properties -
|
|
The Smarty_Security class has the new property $trusted_static_properties to restrict access to static properties.
|
|
It's an nested array of trusted class and property names.
|
|
Format:
|
|
array (
|
|
'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
|
|
'class_2' => array(), // all properties of class allowed
|
|
}
|
|
To disable access for all properties of all classes set $trusted_static_properties = null;
|
|
The default value is an empty array() which does enables all properties of all classes, but for backward compatibility
|
|
the setting of $static_classes will be checked.
|
|
Note: That this security check is performed at compile time.
|
|
|
|
- trusted constants .
|
|
The Smarty_Security class has the new property $trusted_constants to restrict access to constants.
|
|
It's an array of trusted constant names.
|
|
Format:
|
|
array (
|
|
'SMARTY_DIR' , // allowed constant
|
|
}
|
|
If the array is empty (default) the usage of constants can be controlled with the
|
|
Smarty_Security::$allow_constants property (default true)
|
|
|
|
|
|
|
|
Compiled Templates
|
|
==================
|
|
Smarty does now automatically detects a change of the $merge_compiled_includes and $escape_html
|
|
property and creates different compiled templates files depending on the setting.
|
|
|
|
Same applies to config files and the $config_overwrite, $config_booleanize and
|
|
$config_read_hidden properties.
|
|
|
|
Debugging
|
|
=========
|
|
The layout of the debug window has been changed for better readability
|
|
|
|
New class constants
|
|
Smarty::DEBUG_OFF
|
|
Smarty::DEBUG_ON
|
|
Smarty::DEBUG_INDIVIDUAL
|
|
have been introduced for setting the $debugging property.
|
|
|
|
Smarty::DEBUG_INDIVIDUAL will create for each display() and fetch() call an individual gebug window.
|
|
|
|
.
|
|
|