du9698 2011-04-24 07:59

Extremely light templating system in PHP that does not allow PHP code or eval inside templates

I'm searching for a very basic PHP templating system. Right now I'm using:

/**
 * Renders a single line. Looks for {{ var }}
 *
 * @param string $string
 * @param array $parameters
 *
 * @return string
 */
function renderString($string, array $parameters)
{
    $replacer = function ($match) use ($parameters)
    {
        return isset($parameters[$match[1]]) ? $parameters[$match[1]] : $match[0];
    };

    return preg_replace_callback('/{{\s*(.+?)\s*}}/', $replacer, $string);
}

(from here: PHP - Extremely light templating system)

but I can only assign and display variables. I also need a way to use conditions like IF and loop arrays.

I found Rain TPL - http://www.raintpl.com/Quick-Start/#if - which is very close to what I'm looking for, but there are a few things that I don't like about it:

  • it allows the dude who is writing the template to run PHP functions (inside the IF condition).
  • it writes cache and php files, which I don't want

So, is there anything out there similar to this, but even more "basic", strict, and more secure?


  • dskzap8756 2011-06-06 21:42

    From your requirements I am guessing you are wanting your website users to write some basic php scripts. You might not find a free template engine that does that.

    I think it's better for you if you change an existing template engine to your needs.

    You can change Rain TPL to disable some of its features that you don't want. For example you can do...

    1. Disable function use in IF statements:
      a. Locate elseif( preg_match( '/\{if(?: condition){0,1}="([^"]*)"\}/', $html, $code ) ){

      b. Replace $this->function_check( $tag ); with a new method something like $this->ifcondition_function_check( $tag );

      c. Create the new method that will disable all functions in IF statements.

      private function ifcondition_function_check($code)
      {
          // anything that looks like a call, i.e. an identifier followed by "(...)", is rejected
          $preg = '/[a-zA-Z0-9_]+\((.*?)\)/';
          if (preg_match( $preg, $code, $match ) ){
              // find the line of the error (strict comparison: strpos() returns 0 for a match at column 0)
              $line = 0;
              $rows = explode("\n", $this->tpl['source']);
              while( isset($rows[$line + 1]) && strpos($rows[$line], $code) === false )
                      $line++;

              // draw the error line, HTML-escaped, with the offending code highlighted
              $safe_code = htmlspecialchars( $code );
              $error = str_replace( $safe_code, "<font color=red>$safe_code</font>", htmlspecialchars( $rows[$line] ) );

              // debug the error and stop the execution of the script
              die( "<div>RainTPL Sandbox Error in template <b>{$this->tpl['tpl_filename']}</b> at line $line : <i>$error</i></div>" );
          }
      }
      

      d. Now functions are disabled.

    2. Remove the cache file. (The cache file in Rain TPL is a PHP file with the template tags replaced by PHP code)
      a. Go to method draw()
      b. Locate unset( $this->tpl );
      c. Just before this line remove the compiled (cache) file @unlink($this->tpl['compiled_filename']);.
      d. Now the cache file is just a temporary file to execute the PHP code.

    Hope this helps

    This answer was selected as the best answer by the asker.
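A renderer of the kind the question asks for, extending its renderString with IF and loops while treating every name purely as an array key, so nothing in a template is ever evaluated, called or written to disk. This is an added example, not code from the thread or from Rain TPL; the `{% if %}` / `{% for %}` tag syntax and the names renderTemplate, tplLookup and tplEscape are assumptions.

```php
<?php
// Added example: tag syntax and function names are assumptions, not Rain TPL's.

/** Resolve a dotted name ("user.name") by array lookup only; nothing is ever called. */
function tplLookup($name, array $data) {
    foreach (explode('.', $name) as $key) {
        if (!is_array($data) || !array_key_exists($key, $data)) {
            return null;
        }
        $data = $data[$key];
    }
    return $data;
}

/** HTML-escape a value and neutralise braces so data can never form a new tag. */
function tplEscape($value) {
    $html = htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    return str_replace(array('{', '}'), array('&#123;', '&#125;'), $html);
}

/** Render {{ x }}, {% if [not] x %} and {% for i in xs %}; same-tag nesting is unsupported. */
function renderTemplate($tpl, array $data) {
    $tpl = preg_replace_callback(
        '/{%\s*for\s+(\w+)\s+in\s+([\w.]+)\s*%}(.*?){%\s*endfor\s*%}/s',
        function ($m) use ($data) {
            $list = tplLookup($m[2], $data);
            $out = '';
            foreach (is_array($list) ? $list : array() as $item) {
                // the loop variable shadows any outer name for the body only
                $out .= renderTemplate($m[3], array($m[1] => $item) + $data);
            }
            return $out;
        },
        $tpl
    );
    $tpl = preg_replace_callback(
        '/{%\s*if\s+(not\s+)?([\w.]+)\s*%}(.*?){%\s*endif\s*%}/s',
        function ($m) use ($data) {
            // truthiness of one variable, optionally negated; no expressions
            $show = ((bool) tplLookup($m[2], $data)) !== ($m[1] !== '');
            return $show ? renderTemplate($m[3], $data) : '';
        },
        $tpl
    );
    return preg_replace_callback('/{{\s*([\w.]+)\s*}}/', function ($m) use ($data) {
        $v = tplLookup($m[1], $data);
        return is_scalar($v) ? tplEscape($v) : $m[0]; // unknown names stay as written
    }, $tpl);
}
// Constructed sample data: one value carries markup, another carries template syntax.
$data = array('admin' => false, 'users' => array(array('name' => '<b>Al</b>'), array('name' => '{{ admin }}')));
echo renderTemplate('{% for u in users %}{{ u.name }};{% endfor %}{% if not admin %}guest{% endif %}', $data);
```

Because loop bodies are rendered before the outer passes run, tplEscape also rewrites braces; without that, a data value containing `{{ ... }}` would be expanded as a tag on the next pass.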