phpsmartysmarty-plugins

Smarty Template Engine - Unload/Disallow plugins while using $smarty->fetch


How can I unload or disallow smarty core plugins from a template when using $smarty->fetch('mytemplate.tpl') method

For example the template mytemplate.tpl contains {html_options} and {html_table}

When using $smarty->fetch('mytemplate.tpl') only the {html_options} should be parsed by smarty, but {html_table} not

removing the function.html_table.php from plugin folder is not an option as it is still in use by another $smarty->fetch() call


Solution

  • A possible solutions is to extend from the Smarty_Security class and enable securty by using the method

    $smarty->enableSecurity($instanceOfClass)

    Once the fetch method has been called , disableSecurity method do the trick to reenable all plugins/tags/modifiers again.

    Unfortunately when enableSecurity is used and forbidden functions are used an Exception is thrown

    An alternative is to replace all tags/variables/... you want to disallow with {literal}{forbiddenTags}{/literal} by using preg_replace before calling $smarty->fetch([...])

    Example

    # negate regular expression pattern to allow only the below tags
    $pattern = "/\{(?!allowedTag1|allowedTag2).*?\}/";
    $replacement = '{literal}$0{/literal}';
    
    $content = preg_replace($pattern, $replacement, $content);
    $smarty->fetch("string:" . $content);
    

    More details about the Security class here: http://www.smarty.net/docs/en/advanced.features.tpl