Template Conditionals
Author Message
This is essentially a more restrictive version of my PHP in Templates plugin.  The restrictions aim to make this a "safe" plugin to use, that is, doesn't allow arbitrary PHP execution, but still gives the benefits of template conditionals.

You may notice that this still uses the "phptpl" name, and thus, is incompatible with the PHP in Templates plugin.  Both plugins are very similar though.  The differences between this and the other plugin are:
  • Admins cannot enter PHP code using <?php ?> tags
  • Conditionals in <if> and <elseif> tags are checked to ensure that they are "safe" (see below)
  • file_get_contents function has been removed from the allowable <func ...>...</func> shortcuts
  • There's a new <?=...?> tag to print out the result of a "safe" PHP expression; although this is a tag, only PHP expressions may exist inside (do not terminate expressions with a semicolon), so you cannot nest other tags inside this
    Example (prints 123654321):

    HTML Code
    123<?=substr("987654321", 3)?>

  • There's also a new <setvar name>...</setvar> tag which can set variables; for safety reasons, these are actually stored in a $tplvars array.  Examples:
    (just prints some text)

    HTML Code
    <setvar uselesstext>"some text"</setvar>
    {$tplvars['uselesstext']}

    (prints out the username of the user with UID of 2)

    HTML Code
    <setvar user2>get_user(2)</setvar>
    <func htmlspecialchars_uni>{$tplvars['user2']['username']}</func>


v1.0-1.3 of this plugin is based off v1.7 of PHP in Templates.
As of v1.8, PHP 5.3 or later is required.
This plugin can be used with the Admin Security plugin.

"Safe expressions"
This plugin implements "safe expression" checking; essentially, this does impose a bit of a performance hit, but, on the other hand, tries to ensure no "bad PHP" gets executed.
For more information on what I consider to be a "safe expression", see my blog post here.
For the purposes of this plugin, all valid PHP expressions are allowed, as long as they don't infringe on any of the following conditions:
  • no assignment/modification operators (=, +=, |=, ++ etc) allowed
  • no statements such as include, exit, eval etc are allowed
  • no special constants such as PHP_OS, PHP_LIBDIR etc are allowed
  • backtick (`) operator not allowed
  • heredoc type strings not allowed (takes too much effort to handle) - use double quoted strings instead
  • double quoted strings may not contain the "{" character (takes too much effort to handle) - use string concatenation instead
  • array and object typecasting not allowed
  • no variable functions or method calls allowed
  • single line comments (//, #) not allowed
  • only some functions are allowed - see inc/plugins/phptpl_allowed_funcs.txt for a list of allowed functions
(This post was last modified: 12-22-2015 09:35 PM by ZiNgA BuRgA.)
Find all posts by this user
Quote this message in a reply
Download: tplcond-1.8.7z (5.73 KB)
Plugin Version: 1.8
Last Updated: 12-22-2015, 09:35 PM

Downloads: 4,033
MyBB Compatibility: 1.2.x, 1.4.x, 1.6.x, 1.8.x
Plugin License: GPLv3
Uploader: ZiNgA BuRgA
eldenroot Offline
Junior Member
**
Posts: 19
Joined: Dec 2015
Post: #101
RE: Template Conditionals
Hi,

I use XThreads and I have this situation:
1) I use image custom fields together with a text field... how to make template condition working if no image and no text is added -> so show this text "NO INFO AVAILABLE". Thank you?

My fields are mpcode and mpimage
09-17-2018 05:19 AM
Find all posts by this user Quote this message in a reply


Forum Jump: