
Volt disable use of <?php ?>

Is there any way to disable the use of "php" tags inside Volt? I would like users to edit Volt files, but to prevent them from injecting custom code into the file. How would I achieve this?

$di->set('view', function () {
    $view = new View();

    $view->setViewsDir('../../themes/default/production/v1.0.0/');

    $view->registerEngines([
        '.volt' => function ($view) {
            $volt = new VoltEngine($view, $this);

            $volt->setOptions([
                'compiledPath' => '../../themes/default/production/v1.0.0/cache/',
                'compiledSeparator' => '_',
                'compileAlways' => true
            ]);

            $compiler = $volt->getCompiler();

            $compiler->addExtension(
                new PhpFunctionExtension()
            );

            return $volt;
        }
    ]);

    return $view;
}, true);


Accepted answer, edited Mar '20

This was asked last January: https://forum.phalcon.io/discussion/19179/i-want-to-disable-the-php-syntax.

My suggestion now is the same as then: Write a class that extends VoltEngine and write a custom render() wrapper that looks for <?php & ?> tags. How you react when those tags are found - stripping them or throwing an error or something else - is up to you.
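
One way to implement the check the answer describes, as an added example that is not part of the original post and not Phalcon's own code. It uses PHP's tokenizer (assumes ext-tokenizer, which is enabled by default) instead of a plain string search, so `<?=` and short tags are recognised the same way the interpreter would treat them in the compiled template. The function names and sample templates are hypothetical; a render() override in a class extending VoltEngine would call assertNoPhpTags() on the template source before delegating to the parent.

```php
<?php
declare(strict_types=1);

// Added example (hypothetical names): locate PHP tags in Volt template source.
// token_get_all() classifies tags as the running interpreter would, so "<?="
// and, when short_open_tag is on, "<?" are caught as well as "<?php".
function findPhpTags(string $source): array
{
    $tagTokens = [T_OPEN_TAG, T_OPEN_TAG_WITH_ECHO, T_CLOSE_TAG];
    $hits = [];
    foreach (token_get_all($source) as $token) {
        // Real tokens are [id, text, line]; lone characters are plain strings.
        if (is_array($token) && in_array($token[0], $tagTokens, true)) {
            $hits[] = ['line' => $token[2], 'tag' => trim($token[1])];
        }
    }
    return $hits;
}

// "Throw an error" reaction: refuse the template rather than strip the tags.
function assertNoPhpTags(string $source, string $name): void
{
    $hits = findPhpTags($source);
    if ($hits !== []) {
        throw new RuntimeException(sprintf(
            '%s: PHP tag "%s" on line %d is not allowed in user templates',
            $name, $hits[0]['tag'], $hits[0]['line']
        ));
    }
}

// Constructed sample templates (not from the thread).
$samples = [
    'clean.volt'  => "<h1>{{ title }}</h1>\n{% for p in posts %}{{ p.name }}{% endfor %}\n",
    'tagged.volt' => "<h1>{{ title }}</h1>\n<?php echo phpversion(); ?>\n",
    'echo.volt'   => "<p><?= 1 + 1 ?></p>\n",
];

foreach ($samples as $name => $source) {
    try {
        assertNoPhpTags($source, $name);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo 'rejected: ', $e->getMessage(), "\n";
    }
}
```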




Thanks for your reply.

I think I will go with Twig instead.