aboutsummaryrefslogtreecommitdiffstats
path: root/library/Smarty/NEW_FEATURES.txt
blob: b2c18c99b7d122c44d8d4c8c4de8320d11fddfcc (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
This file contains a brief description of new features which have been added to Smarty 3.1

Smarty 3.1.22

    Namespace support within templates
    ==================================
    Within templates you can now use namespace specifications on:
     - Constants                like    foo\bar\FOO
     - Class names              like    foo\bar\Baz::FOO, foo\bar\Baz::$foo, foo\bar\Baz::foo()
     - PHP function names       like    foo\bar\baz()

    Security
    ========
    - disable special $smarty variable -
    The Smarty_Security class has the new property $disabled_special_smarty_vars.
    It's an array which can be loaded with the $smarty special variable names like
    'template_object', 'template', 'current_dir' and others which will be disabled.
    Note: That this security check is performed at compile time.

    - limit template nesting -
    Property $max_template_nesting of Smarty_Security does set the maximum template nesting level.
    The main template is level 1. The nesting level is checked at run time. When the maximum will be exceeded
    an Exception will be thrown. The default setting is 0 which does disable this check.

    - trusted static methods -
   The Smarty_Security class has the new property $trusted_static_methods to restrict access to static methods.
   It's an nested array of trusted class and method names.
         Format:
         array (
                    'class_1' => array('method_1', 'method_2'), // allowed methods
                    'class_2' => array(),                       // all methods of class allowed
               )
   To disable access for all methods of all classes set $trusted_static_methods = null;
   The default value is an empty array() which does enables all methods of all classes, but for backward compatibility
   the setting of $static_classes will be checked.
   Note: That this security check is performed at compile time.

    - trusted static properties -
   The Smarty_Security class has the new property $trusted_static_properties to restrict access to static properties.
   It's an nested array of trusted class and property names.
         Format:
         array (
                    'class_1' => array('prop_1', 'prop_2'), // allowed properties listed
                    'class_2' => array(),                   // all properties of class allowed
                }
   To disable access for all properties of all classes set $trusted_static_properties = null;
   The default value is an empty array() which does enables all properties of all classes, but for backward compatibility
   the setting of $static_classes will be checked.
   Note: That this security check is performed at compile time.

    - trusted constants .
   The Smarty_Security class has the new property $trusted_constants to restrict access to constants.
   It's an array of trusted constant names.
         Format:
         array (
                    'SMARTY_DIR' , // allowed constant
                }
   If the array is empty (default) the usage of constants  can be controlled with the
   Smarty_Security::$allow_constants property (default true)



    Compiled Templates
    ==================
    Smarty does now automatically detects a change of the $merge_compiled_includes and $escape_html
    property and creates different compiled templates files depending on the setting.

    Same applies to config files and the $config_overwrite, $config_booleanize and
    $config_read_hidden properties.

    Debugging
    =========
    The layout of the debug window has been changed for better readability
    
    New class constants
        Smarty::DEBUG_OFF
        Smarty::DEBUG_ON
        Smarty::DEBUG_INDIVIDUAL
    have been introduced for setting the $debugging property.

    Smarty::DEBUG_INDIVIDUAL will create for each display() and fetch() call an individual gebug window.

    .