Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 06-26-2023 10:42 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.9.7z (6.35 KB)
Plugin Version: 1.9
Last Updated: 06-26-2023, 10:42 PM

Downloads: 5,263
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
eldenroot Offline
Junior Member
**
Posts: 21
Joined: Dec 2015
Post: #81
RE: Template Conditionals
I just wanna kindly ask you if you can in your free time release a new version compatible with latest php 7 release... thats all. This plugin is a must have choise for MyBB. Thank you in advance, have a nice day!
12-21-2015 07:15 PM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #82
RE: Template Conditionals
Updated to v1.8 for PHP 7 compatibility.  As of this version PHP 5.3 or later is required.

My Blog
12-22-2015 09:36 PM
Find all posts by this user Quote this message in a reply
eldenroot Offline
Junior Member
**
Posts: 21
Joined: Dec 2015
Post: #83
RE: Template Conditionals
Thank you very much!
12-23-2015 06:41 AM
Find all posts by this user Quote this message in a reply
])RAG()N Offline
Junior Member
**
Posts: 1
Joined: Jan 2016
Post: #84
RE: Template Conditionals
I have some php code that displays the number of players online for bf4 and I would like to get it to display in a portal box is this possible? (I have limited knowledge in how all the coding works)

I have "PHP and Template Conditionals" plugin installed, and I have tried to edited the portal Templates but can not work it out.

I have attached the php file


Attached File(s)
.php  bf4onlinestats.php (Size: 2.91 KB / Downloads: 381)
01-11-2016 11:26 AM
Find all posts by this user Quote this message in a reply
Waleed Offline
Junior Member
**
Posts: 34
Joined: Feb 2013
Post: #85
RE: Template Conditionals
Hey Zinga is there a conditional for:

if postcount X in forumid X ?

Thanks.
01-29-2016 04:07 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #86
RE: Template Conditionals
No, the information isn't stored anywhere.
01-29-2016 03:26 PM
Find all posts by this user Quote this message in a reply
Destroy666 Offline
Junior Member
**
Posts: 27
Joined: Jul 2012
Post: #87
RE: Template Conditionals
I'd suggest adding new commonly used 1.8 functions, such as is_member or format_avatar, to the allowed functions file.
04-21-2016 11:42 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #88
RE: Template Conditionals
Thanks for the suggestion.  Just wondering, would you happen to have a list and/or be willing to create one, of the functions that should be added?
Thank you.

My Blog
06-22-2016 05:30 PM
Find all posts by this user Quote this message in a reply
Destroy666 Offline
Junior Member
**
Posts: 27
Joined: Jul 2012
Post: #89
RE: Template Conditionals
Mainly the 2 mentioned above, perhaps also format_time_duration. The rest is not really usable in templates.
06-24-2016 11:16 PM
Find all posts by this user Quote this message in a reply
xQu Offline
Junior Member
**
Posts: 2
Joined: Aug 2016
Post: #90
RE: Template Conditionals
Hello,

I'm on PHP 5.6.

Why when i using

Code:
<?php include 'file.php'; ?>

in Chrome Developer Tools in Source i can see

Code:
<!--?php include 'file.php'; ?--!>


Mybb change < to <!--

Any ideas how i can fix that?

Thank you

(This post was last modified: 08-27-2016 05:56 AM by xQu.)
08-27-2016 05:56 AM
Find all posts by this user Quote this message in a reply


Forum Jump: