[PHPTAL] Phptal and security
Joshua Paine
lists at fairsky.us
Wed May 10 02:46:53 CEST 2006
So long as the document remains well-formed XML, PHP can be used
"straight up" in a PHPTAL document. E.g.,

    <div>
    <?php scary_function(); ?>
    </div>

will come out just the same after it passes through the PHPTAL parser.
You'd need to modify the PHPTAL parser to discard PIs (processing
instructions) instead of echoing them.
--
Joshua Paine
Chief Tower Builder
LetterBlock Software
http://letterblock.com/
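
An added example, not part of the original message and not PHPTAL code: rather than patching the parser, a pre-filter can strip every processing instruction from a template written by an untrusted author before the source is handed to PHPTAL. The helper name strip_processing_instructions() and the sample template are assumptions made for illustration.

```php
<?php
// Hypothetical helper (not a PHPTAL API): removes all processing
// instructions from a template and reports which targets were found.
function strip_processing_instructions(string $templateSource): array
{
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true);
    // LIBXML_NONET: never fetch external resources while parsing.
    $ok = $doc->loadXML($templateSource, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$ok) {
        throw new InvalidArgumentException('Template is not well-formed XML');
    }

    $removed = [];
    $xpath = new DOMXPath($doc);
    // Copy the matches into an array first, then remove each node.
    $matches = iterator_to_array($xpath->query('//processing-instruction()'));
    foreach ($matches as $pi) {
        $removed[] = $pi->target;            // e.g. "php"
        $pi->parentNode->removeChild($pi);
    }

    // Only the root element is serialised, so an XML declaration,
    // DOCTYPE or prolog-level PI never reaches the output.
    return [$doc->saveXML($doc->documentElement), $removed];
}

// Constructed sample template, modelled on the snippet in the message.
$template = <<<'XML'
<div xmlns:tal="http://xml.zope.org/namespaces/tal">
  <p tal:content="user/name">name</p>
  <?php scary_function(); ?>
</div>
XML;

[$clean, $removed] = strip_processing_instructions($template);
if ($removed) {
    error_log('Removed processing instructions: ' . implode(', ', $removed));
}
echo $clean, "\n";
```

Logging the removed targets gives a record of which templates tried to carry PHP; rejecting the template outright instead of cleaning it is the stricter choice when template authors are not trusted.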