|
|
Posted by "messju mohr" on 10/15/81 11:19
On Thu, Jun 23, 2005 at 11:02:52AM +0200, Alexandre Cognard wrote:
> Thanks to everyone,
>
> I'm agree that there's no reason to edit a compiled template file.
> But it happen to me (on an external hosting service) with some php injection
> (dont know how it happens).
> And then, all my compiled template has been compromised.
>
> Can we use the prefix of compiled template to check if the modification date
> is newer than the generation and, then, in this case, re-compile the
> template ?
for fighting the symptoms of some flawed security? such a check would
be a very very wrong place to fix it, IMHO.
> Regards
> Alexandre
>
> -----Message d'origine-----
> De : Monte Ohrt [mailto:monte@ohrt.com]
> Envoyé : mercredi 22 juin 2005 21:18
> À : messju mohr
> Cc : smarty-general@lists.php.net
> Objet : Re: [SMARTY] Validate compiled template
>
> messju mohr wrote:
>
> >
> >not really. the question was what happens if somebody modifies the
> >*compiled* template.
> >
> >the compile_check is mainly the file's modification time compared of
> >the source template vs. the modification time of the compiled
> >template. if the compiled exists and is "newer" everythings fine for
> >smarty and it doesn't attempt any recompilation. an edit of a compiled
> >template very likely even raises the modifications so it doesn't make
> >a change to smarty's (little naive) comparason.
> >
> >
>
> There should never be a reason to edit the compiled template files
> directly, so there is no function for this. If you are copying compiled
> files to another server, it would be better to just remove them and let
> them recompile, or at least touch them (and the templates) to get
> everything in sync initially.
>
> Monte
>
> --
> Smarty General Mailing List (http://smarty.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
> --
> Smarty General Mailing List (http://smarty.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
Navigation:
[Reply to this message]
|