Smarty allow_php_tag reports 'Undefined property: Smarty::$allow_php_tag'-Collection of common programming errors

10 years ago
admin
2 minutes

So I have an old website which uses an older version of smarty, as today I wanted to upgrade to latest version, and it hit’s me with an error:

[Fri Aug 19 11:21:19 2011] [error] [client ***.***.***.***] PHP Notice:  Undefined property: Smarty::$allow_php_tag in /work/smarty3.1rc1/Smarty.class.php on line 592
[Fri Aug 19 11:21:19 2011] [error] [client ***.***.***.***] PHP Fatal error:  Uncaught exception 'SmartyCompilerException' with message 'Syntax Error in template "/work/templates/modules/main_module.tpl"  on line 2 "{php}" unknown tag "php"' in /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php:596
Stack trace:
    #0 /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php(382): Smarty_Internal_TemplateCompilerBase->trigger_template_error('unknown tag "ph...', 2)
    #1 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2383): Smarty_Internal_TemplateCompilerBase->compileTag('php', Array)
    #2 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2865): Smarty_Internal_Templateparser->yy_r38()
    #3 /work/smarty3.1rc1/sysplugins/smarty_internal_templateparser.php(2965): Smarty_Internal_Templateparser->yy_reduce(38)
    #4 in /work/smarty3.1rc1/sysplugins/smarty_internal_templatecompilerbase.php on line 596

Even if I put Smarty 3.0.8 I get same errors … Since the website if full of {php} tags, removing is not an option. What can I do?

Ok, as following @Pekka’s instructions i found out about Smarty Security Next problem:

$my_security_policy = new Smarty_Security($smarty);
$my_security_policy->allow_php_tag = true;
$my_security_policy->php_functions = array();
$my_security_policy->php_handling = Smarty::PHP_PASSTHRU;
$my_security_policy->php_modifier = array();
$my_security_policy->modifiers = array();

$smarty->enableSecurity($my_security_policy);

shouts:

[Fri Aug 19 12:06:40 2011] [error] [client ***.***.***.***] PHP Fatal error:  Uncaught exception 'SmartyCompilerException' with message 'Syntax Error in template .....' modifier 'strtolower' not allowed by security setting'

what’s wrong now … $my_security_policy->php_functions = array(); allows all php functions ..

  1. According to the docs, allow_php_tag is now a property of the Smarty_Security class, not Smarty. See the page for an example how to use it.

    I don’t know when this changed, but it’s probable it’s a new V3 feature. And a nice one at that!