|
From: David G. <da...@co...> - 2011-02-13 20:19:44
|
Not enough snipping. See below. In short - yes.
On 13 Feb 2011, at 18:43, Christian Boltz <pos...@cb...> wrote:
> Hello,
>
> Am Dienstag, 8. Februar 2011 schrieb Gin...@us...:
>> Revision: 949
>> Author: GingerDog
>
>> remove strict standards issue with redefinition of smarty::assign()
>> with different parameters than parent class; ideally I should not
>> put the __get/__set/__call methods in here as living without them
>> would reduce our dependency on smarty,
>
> I'd also welcome that - just in case that
> a) we decide to switch template engines again ;-)
> b) someone wants to create additional template engines
>
> If we can make the interface less dependent on smarty without loosing
> functionality, I'd really like that.
>
> Even if we need some smarty properties, I'd prefer to have individual
> functions for them so that we have a clear interface documentation.
>
> We should also drop usage of $smarty.get.*** (aka $_GET) and
> $smarty.session.*** ($_SESSION) and instead use $smarty->assign for
> every variable.
>
>> --- trunk/smarty.inc.php 2011-02-07 23:27:19 UTC (rev 948)
>> +++ trunk/smarty.inc.php 2011-02-07 23:29:13 UTC (rev 949)
>
>> + public function __set($key, $value) {
>> + $this->template->$key = $value;
>> + }
>> + public function __get($key) {
>> + return $this->template->$key;
>> + }
>> + public function __call($method, $params) {
>> + return call_user_func_array($this->template->$method,
>> $params);
>> + }
>
> According to my grep results, we only use $smarty->assign and
> $smarty->display.
>
> The only exception is in smarty.inc.php where we set
> - $smarty->template_dir
> - $smarty->compile_dir
> - $smarty->config_dir
>
> We could do this easily inside the PFASmarty class (in __construct) - no
> need to make those settings public.
>
> That would also mean we can remove __set, __get and __call.
>
> Objections?
None. Motion carried :)
>
>> $smarty->template_dir = $incpath.'/templates';
>> -$smarty->compile_dir = $incpath.'/templates_c';
>> +if(is_writeable('/tmp')) {
>> + if(!is_dir('/tmp/postfixadmin_templates_c')) {
>> + mkdir('/tmp/postfixadmin_templates_c');
>> + }
>> +}
>> +if(is_writeable('/tmp/postfixadmin_templates_c')) {
>> + $smarty->compile_dir = '/tmp/postfixadmin_templates_c';
>> +}
>
> That opens us up to security problems like symlink attacks.
> Never use a fixed path in /tmp!
> (Obviously you can't use a random dir for smarty caching - that will
> fill up /tmp with lots of smarty cache dirs.)
>
Sorry. Didnt realise I'd committed or written that.
> In short: drop the idea of using /tmp/something.
>
Yes. Seconded.
>> +else {
>> + $smarty->compile_dir = $incpath.'/templates_c';
>> +}
>> +
>
> This should be default behaviour - and only be overrideable by a $CONF
> setting.
>
> That said: Some time ago, I asked if it would be possible to have NO
> compile_dir at all (and recompile the templates every time). IIRC the
> answer was "yes, that's possible", however I have no idea how to do
> that.
There's a config parameter to do it. Can't remember which ones, but It is possible to do with smarty.
David.
>
>
> Regards,
>
> Christian Boltz
> --
>> jeder mit etwas guten Willen und einem IQ knapp über einem Kühlschrank
>> sollte das doch irgendwann einmal verstehen!
> dann sei du mein Gemüsefach, weil für mehr reicht es ja nicht .... ;)
> [> Burkhard Schichtel und Detlef Reichelt in opensuse-de]
>
> ------------------------------------------------------------------------------
> The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
> Pinpoint memory and threading errors before they happen.
> Find and fix more than 250 security defects in the development cycle.
> Locate bottlenecks in serial and parallel code that limit performance.
> http://p.sf.net/sfu/intel-dev2devfeb
> _______________________________________________
> Postfixadmin-devel mailing list
> Pos...@li...
> https://lists.sourceforge.net/lists/listinfo/postfixadmin-devel
|
