|
|
Posted by boots on 10/01/46 11:20
Just to add another fan to this fire, I never thought much of Smarty
automatically providing autoglobals to the template. It really is a
break from its tradition of providing a clean environment where the
caller specifies the characteristics of the environment. Not that one
should see that as a stabbing knife to use on the devs -- it was a bad
design choice that obviously seemed like a good idea at the time. I
suspect it was added during a younger, more "innocent" period of the
internet. Unfortunately, it is now caked in.
If you are really paranoid, you can probabably clobber untrusted
autoglobals in the PHP namespace before running your template but that
is a poor work-around. I would certainly vote to have this "feature"
become optional.
That said, what's with the animosity towards the devs and their
very-correct goal of trying to keep Smarty clean and simple? Does a
contradiction invalidate all of their efforts? Finally, why is this
discussion on smarty-general? It is one thing to hijack a thread, it is
another to hijack it and change the topic to something no longer
appropriate for the channel. BTW--those are rhetorical, I don't expect
or require responses, thanks :)
____________________________________________________
Yahoo! Sports
Rekindle the Rivalries. Sign up for Fantasy Football
http://football.fantasysports.yahoo.com
Navigation:
[Reply to this message]
|