RE: [Mantisbt-dev] Templates and Themes

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi Martin,

> Using templates may be fine and all, but I strongly believe=20
> that mantis development should focus on fixing security=20
> issues ...
I'm convinced that a clean separation of functionality and visual =
appearance
will even help to improve security, since the code is much easier to =
read and
understand. I have to admit that I hate going through code with lots of =
<?php
?> and HTML Tags mixed up in one file :-).
You need three layers:
a base layer (php core_* functions),=20
a module that controls the visual appearence (e.g. template engine) and=20
a structure that controls the workflow, gets the data from the base =
layer and
hands it over to the template engine.

> ... and refactoring the code into separate functions (as=20
> suggested by others) before we add more features and bells.=20
That's great, because then we're halfway through with the base layer. =
It'll
make the separation of workflow and visual appearance a lot easier. I'm =
not
talking about features. Using templates will allow you to add (visual)
features much easier at a later stage.=20

> I don't really like to see all those mantis security=20
> bulletins being published on major security lists.
One thing doesn't prevent us from keeping an eye on (or even doing) the
other. The security issues have to be fixed, agreed. But that has to be =
done
anyway. There are (bad example, I know) five functions in fifteen places =
out
there, who in some way list the users who have access to a certain =
function
and each is a bit different from the other.
If we are refactoring the code into separate functions, we will have to =
check
which functions we need for the control and base layers anyway. Wouldn't =
it
be easier to know that to access the data there is only one
"get_users_for_project()" function that returns an array. This array can =
then
be given to template A which uses it to fill a combobox or to template B
which displays it as a list.
I think that we can get completely rid of core_html_API, core_print_API,
css_inc.php and more things like that.
Another example. Just take a look at view_all_bug_page and
print_all_bug_page. Duplicate code reeks and this smells like 90% =
duplicate.
Using a template engine, there would have to be only one control part =
(which
is currently duplicated) and one main template plus a few (2-3) sub =
templates
for both pages.

Greetings
- L=FCbbe