Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 06-26-2023 10:42 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.9.7z (6.35 KB)
Plugin Version: 1.9
Last Updated: 06-26-2023, 10:42 PM

Downloads: 5,263
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
Patrick_ Offline
Junior Member
**
Posts: 27
Joined: Oct 2011
Post: #11
RE: Template Conditionals
I don't really understand these conditionals Frown

I want to do this:
if ({VALUE$1} == {VALUE$2})
return {VALUE$1};
else
return {VALUE$1} / {VALUE$2}; //that's a slash, not a math op.

Can you translate this to ZiNgA Conditionals?
10-20-2011 06:40 AM
Find all posts by this user Quote this message in a reply
RateU Offline
Administrator
*******
Posts: 2,350
Joined: Mar 2010
Post: #12
RE: Template Conditionals
Maybe something like this:

Code:
<if {VALUE$1} == {VALUE$2} then>
{VALUE$1}
<else>
{VALUE$1} / {VALUE$2}
</if>


10-20-2011 07:17 AM
Find all posts by this user Quote this message in a reply
Patrick_ Offline
Junior Member
**
Posts: 27
Joined: Oct 2011
Post: #13
RE: Template Conditionals
Great, thanks!
10-20-2011 07:50 AM
Find all posts by this user Quote this message in a reply
Sama34 Offline
Senior Member
****
Posts: 490
Joined: May 2011
Post: #14
RE: Template Conditionals
What is the correct syntax for using functions with this plugin? I have tried many ways, bu didn't succeed.

Like:
<func format_name>$name, $usergroup, $adittionalgroups</func>
<func format_name>{$name}, {$usergroup}, {$adittionalgroups}</func>
<func format_name>($name, $usergroup, $adittionalgroups)</func>
<func format_name>({$name}, {$usergroup}, {$adittionalgroups})</func>

Haved tried many ways, even with other functions like get_(forum|thread|post|user) or get_(forum|thread|post|user)_link.

Will really appreciate some examples of how it is suppose to be the right way.

Support PM's will be ignored. Yipi
Plugins: Announcement Bars - Custom Reputation - Mark PM As Unread
03-10-2012 12:36 PM
Visit this user's website Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #15
RE: Template Conditionals
(03-14-2010 10:12 AM)ZiNgA BuRgA Wrote:  The functions available, with the shortcut, are:
htmlspecialchars, htmlspecialchars_uni, intval, file_get_contents, floatval, urlencode, rawurlencode, addslashes, stripslashes, trim, crc32, ltrim, rtrim, chop, md5, nl2br, strrev, strtoupper, strtolower, my_strtoupper, my_strtolower, alt_trow, get_friendly_size, filesize, strlen, my_strlen, my_wordwrap, random_str, unicode_chr, bin2hex, str_rot13, str_shuffle, strip_tags, ucfirst, ucwords, basename, dirname, unhtmlentities

Note that these all have a single argument.
Use <?= ... ?> syntax for other functions.

My Blog
03-10-2012 04:31 PM
Find all posts by this user Quote this message in a reply
Sama34 Offline
Senior Member
****
Posts: 490
Joined: May 2011
Post: #16
RE: Template Conditionals
Thanks!

Support PM's will be ignored. Yipi
Plugins: Announcement Bars - Custom Reputation - Mark PM As Unread
03-11-2012 02:37 PM
Visit this user's website Find all posts by this user Quote this message in a reply
nelliza111 Offline
Junior Member
**
Posts: 3
Joined: Apr 2012
Post: #17
RE: Template Conditionals
(10-20-2011 06:40 AM)Patrick_ Wrote:  I don't really understand these conditionals Frown

I want to do this:
if ({VALUE$1} == {VALUE$2})
return {VALUE$1};
else
return {VALUE$1} / {VALUE$2}; //that's a slash, not a math op.

Can you translate this to ZiNgA Conditionals?

What I am actually doing wrong there?


Code:
<if {$forum['fid']} != '16' then>
{$lastpost_subject}
</if>


I am trying to exclude something for a given forum on index page.

Your plugin obviously works. But I cannot make sence of this conditional. Please help!

Thank you
NZ

(This post was last modified: 04-26-2012 08:31 AM by nelliza111.)
04-26-2012 08:31 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #18
RE: Template Conditionals

Code:
<if $forum['fid'] != '16' then>
{$lastpost_subject}
</if>

Assuming that $forum is even the correct variable.


My Blog
04-26-2012 09:01 AM
Find all posts by this user Quote this message in a reply
nelliza111 Offline
Junior Member
**
Posts: 3
Joined: Apr 2012
Post: #19
RE: Template Conditionals
(04-26-2012 09:01 AM)ZiNgA BuRgA Wrote:  

Code:
<if $forum['fid'] != '16' then>
{$lastpost_subject}
</if>

Assuming that $forum is even the correct variable.


Does not work. Sorry. Simply shows nothing.

I can printout $forum['fid'] anywhere, and it shows correct values for forum. One of forum is #16.

I have clean install of mybb latest version. All your examples from the main post of the thread work ok.

Add.  I am trying to edit  forumbit_depth2_forum_lastpost is that matters

Thanks
NZ
(This post was last modified: 04-26-2012 09:14 AM by nelliza111.)
04-26-2012 09:06 AM
Find all posts by this user Quote this message in a reply
ZiNgA BuRgA Offline
Fag
*******
Posts: 3,357
Joined: Jan 2008
Post: #20
RE: Template Conditionals
Using the exact code above for that template, it seems to work perfect for me...

My Blog
04-26-2012 12:04 PM
Find all posts by this user Quote this message in a reply


Forum Jump: