|
1 |
|
2 |
|
3 This file contains a brief description of new features which have been added to Smarty 3.1 |
|
4 |
|
5 Smarty 3.1.22 |
|
6 |
|
7 Namespace support within templates |
|
8 ================================== |
|
9 Within templates you can now use namespace specifications on: |
|
10 - Constants like foo\bar\FOO |
|
11 - Class names like foo\bar\Baz::FOO, foo\bar\Baz::$foo, foo\bar\Baz::foo() |
|
12 - PHP function names like foo\bar\baz() |
|
13 |
|
14 Security |
|
15 ======== |
|
16 - disable special $smarty variable - |
|
17 The Smarty_Security class has the new property $disabled_special_smarty_vars. |
|
18 It's an array which can be loaded with the $smarty special variable names like |
|
19 'template_object', 'template', 'current_dir' and others which will be disabled. |
|
20 Note: That this security check is performed at compile time. |
|
21 |
|
22 - limit template nesting - |
|
23 Property $max_template_nesting of Smarty_Security does set the maximum template nesting level. |
|
24 The main template is level 1. The nesting level is checked at run time. When the maximum will be exceeded |
|
25 an Exception will be thrown. The default setting is 0 which does disable this check. |
|
26 |
|
27 - trusted static methods - |
|
28 The Smarty_Security class has the new property $trusted_static_methods to restrict access to static methods. |
|
29 It's an nested array of trusted class and method names. |
|
30 Format: |
|
31 array ( |
|
32 'class_1' => array('method_1', 'method_2'), // allowed methods |
|
33 'class_2' => array(), // all methods of class allowed |
|
34 ) |
|
35 To disable access for all methods of all classes set $trusted_static_methods = null; |
|
36 The default value is an empty array() which does enables all methods of all classes, but for backward compatibility |
|
37 the setting of $static_classes will be checked. |
|
38 Note: That this security check is performed at compile time. |
|
39 |
|
40 - trusted static properties - |
|
41 The Smarty_Security class has the new property $trusted_static_properties to restrict access to static properties. |
|
42 It's an nested array of trusted class and property names. |
|
43 Format: |
|
44 array ( |
|
45 'class_1' => array('prop_1', 'prop_2'), // allowed properties listed |
|
46 'class_2' => array(), // all properties of class allowed |
|
47 } |
|
48 To disable access for all properties of all classes set $trusted_static_properties = null; |
|
49 The default value is an empty array() which does enables all properties of all classes, but for backward compatibility |
|
50 the setting of $static_classes will be checked. |
|
51 Note: That this security check is performed at compile time. |
|
52 |
|
53 - trusted constants . |
|
54 The Smarty_Security class has the new property $trusted_constants to restrict access to constants. |
|
55 It's an array of trusted constant names. |
|
56 Format: |
|
57 array ( |
|
58 'SMARTY_DIR' , // allowed constant |
|
59 } |
|
60 If the array is empty (default) the usage of constants can be controlled with the |
|
61 Smarty_Security::$allow_constants property (default true) |
|
62 |
|
63 |
|
64 |
|
65 Compiled Templates |
|
66 ================== |
|
67 Smarty does now automatically detects a change of the $merge_compiled_includes and $escape_html |
|
68 property and creates different compiled templates files depending on the setting. |
|
69 |
|
70 Same applies to config files and the $config_overwrite, $config_booleanize and |
|
71 $config_read_hidden properties. |
|
72 |
|
73 Debugging |
|
74 ========= |
|
75 The layout of the debug window has been changed for better readability |
|
76 |
|
77 New class constants |
|
78 Smarty::DEBUG_OFF |
|
79 Smarty::DEBUG_ON |
|
80 Smarty::DEBUG_INDIVIDUAL |
|
81 have been introduced for setting the $debugging property. |
|
82 |
|
83 Smarty::DEBUG_INDIVIDUAL will create for each display() and fetch() call an individual gebug window. |
|
84 |
|
85 . |
|
86 |