|
|
Posted by Jochem Maas on 06/13/20 11:20
boots wrote:
> Just to add another fan to this fire, I never thought much of Smarty
> automatically providing autoglobals to the template. It really is a
> break from its tradition of providing a clean environment where the
> caller specifies the characteristics of the environment. Not that one
> should see that as a stabbing knife to use on the devs -- it was a bad
> design choice that obviously seemed like a good idea at the time. I
> suspect it was added during a younger, more "innocent" period of the
> internet. Unfortunately, it is now caked in.
to be clear: I wholly accept that.
>
> If you are really paranoid, you can probabably clobber untrusted
> autoglobals in the PHP namespace before running your template but that
> is a poor work-around. I would certainly vote to have this "feature"
> become optional.
>
> That said, what's with the animosity towards the devs and their
> very-correct goal of trying to keep Smarty clean and simple? Does a
> contradiction invalidate all of their efforts? Finally, why is this
> discussion on smarty-general? It is one thing to hijack a thread, it is
sorry for hijacking - put that down to laziness - I have now sent a subscription
request to smarty-internals - I'll monitor that as well and try my best to keep
any relevant comments,questions,ideas,queries,etc to correct list & thread
in future!
actually my concerns go out mostly to php5, the BC argument is strong and
therefore I'm really theorizing/thinking about goals/functionality in terms
of how/what is implemented at a stage when BC will have to be broken in some
way - this assumes that:
1. the Smarty code itself will eventually be refactored
into php5 (a very good candidate given the heavily documented and very well
structured code - e.g. some of the methods are 'dying' to be made 'private')
2. the template syntax will eventually support php5 syntax (e.g. static class
syntax, dereferenced syntax)
> another to hijack it and change the topic to something no longer
> appropriate for the channel. BTW--those are rhetorical, I don't expect
> or require responses, thanks :)
>
>
>
> ____________________________________________________
> Yahoo! Sports
> Rekindle the Rivalries. Sign up for Fantasy Football
> http://football.fantasysports.yahoo.com
>
Navigation:
[Reply to this message]
|