[PHPTAL] Phptal and security
Han
phptal at safeblue.com
Wed May 10 04:05:44 CEST 2006
Thanks for the pointing out this issue. That's OK. Few lines of code in
xslt. Thanks again. -Han
On Tue, 09 May 2006 20:46:53 -0400, "Joshua Paine" <lists at fairsky.us>
said:
> So long as the document remains well-formed XML, PHP can be used
> "straight up" in a phptal document. E.g.,
>
> <div>
> <?php scary_function(); ?>
> </div>
>
> will come out just the same after it passes through the PHPTAL parser.
> You'd need to modify the PHPTAL parser to discard PIs (processing
> instructions) instead of echoing them.
>
> --
> Joshua Paine
> Chief Tower Builder
> LetterBlock Software
> http://letterblock.com/
--
Kiliccote Family
kilicdist at fastmail.fm
More information about the PHPTAL
mailing list