Smarty allow_php_tag reports 'Undefined property: Smarty::$allow_php_tag'-Collection of common programming errors
So I have an old website which uses an older version of smarty, as today I wanted to upgrade to latest version, and it hit’s me with an error:
[Fri Aug 19 11:21:19 2011] [error] [client ***.***.***.***] PHP Notice: Undefined property: Smarty::$allow_php_tag in /work/smarty3.1rc1/Smarty.class.php on line 592
[Fri Aug 19 11:21:19 2011] [error] [client ***.***.***.***] PHP Fatal error: Uncaught exception 'SmartyCompilerException' with message 'Syntax Error in template "/work/templates/modules/main_module.tpl" on line 2 "{php}" unknown tag "php"' in /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php:596
Stack trace:
#0 /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php(382): Smarty_Internal_TemplateCompilerBase->trigger_template_error('unknown tag "ph...', 2)
#1 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2383): Smarty_Internal_TemplateCompilerBase->compileTag('php', Array)
#2 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2865): Smarty_Internal_Templateparser->yy_r38()
#3 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2965): Smarty_Internal_Templateparser->yy_reduce(38)
#4 in /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php on line 596
Even if I put Smarty 3.0.8 I get same errors … Since the website if full of {php}
tags, removing is not an option. What can I do?
Ok, as following @Pekka’s instructions i found out about Smarty Security Next problem:
$my_security_policy = new Smarty_Security($smarty);
$my_security_policy->allow_php_tag = true;
$my_security_policy->php_functions = array();
$my_security_policy->php_handling = Smarty::PHP_PASSTHRU;
$my_security_policy->php_modifier = array();
$my_security_policy->modifiers = array();
$smarty->enableSecurity($my_security_policy);
shouts:
[Fri Aug 19 12:06:40 2011] [error] [client ***.***.***.***] PHP Fatal error: Uncaught exception 'SmartyCompilerException' with message 'Syntax Error in template .....' modifier 'strtolower' not allowed by security setting'
what’s wrong now … $my_security_policy->php_functions = array();
allows all php functions ..
-
According to the docs,
allow_php_tag
is now a property of theSmarty_Security
class, notSmarty
. See the page for an example how to use it.I don’t know when this changed, but it’s probable it’s a new V3 feature. And a nice one at that!