We have moved our forum to GitHub Discussions. For questions about Phalcon v3/v4/v5 you can visit here and for Phalcon v6 here.

Volt disable use of <?php ?>

Is there anyway to disable the use of "php" tags inside volt? I would like users to edit volt files, but to prevent them for injecting custom code into the file.. How would I achive this?

$di->set('view', function () {

            $view = new View();


                '.volt' => function ($view) {

                    $volt = new VoltEngine($view, $this);

                        'compiledPath' => '../../themes/default/production/v1.0.0/cache/',
                        'compiledSeparator' => '_',
                        'compileAlways' => true

                    $compiler = $volt->getCompiler();

                        new PhpFunctionExtension()

                    return $volt;

            return $view;
        }, true);

edited Mar '20

This was asked last January: https://forum.phalcon.io/discussion/19179/i-want-to-disable-the-php-syntax.

My suggestion now is the same as then: Write a class that extends VoltEngine and write a custom render() wrapper that looks for <?php & ?> tags. How you react when those tags are found - stripping them or throwing an error or something else - is up to you.


Thanks for your reply.

I think i will go with Twig instead.