php code in templates

warlock · Post by **warlock** » Mon Feb 05, 2007 3:50 am

Hi all,

I'm trying to use some custom php code by including it in a template (tpl) file with smarty code like

{include_php file="http://domain.com/path/to/load_nav.php"}

and can't get it to work, it says something like not a trusted resource according to smarty.

Is there something else I need to do to be able to include my own php?

Thanks in advance.

Post by **mattsches** » Mon Feb 05, 2007 3:22 pm

I guess you can only include files from your server, i.e. with a relative path. So you might try something like

Code: Select all

{include_php file="path/to/load_nav.php"}

Someone correct me if I'm wrong.

warlock · Post by **warlock** » Mon Feb 05, 2007 6:55 pm

Thanks for your help......however using a path doesnt seem to work either.

Any more ideas?

judebert · Post by **judebert** » Mon Feb 05, 2007 10:59 pm

I believe that Smarty actually doesn't allow PHP in its templates, unless you turn the security variable off. I'm sure Garvin's mentioned it somewhere in the forums; I just haven't the time to look for it right now. You'll have to modify your config.inc.php and set a $serendipity['SMARTY'] variable.

warlock · Post by **warlock** » Tue Feb 06, 2007 12:11 am

Judebert ok thanks I will look into that.......Is there any security concerns with setting that variable?

Post by **garvinhicking** » Tue Feb 06, 2007 10:41 am

Hi!

Also see http://www.s9y.org/78.html

The security concerns of this implicate that people who have FTP access to your blog can include custom PHP code in templates. And if you have the Smarty Markup plugin installed it means any author on your blog can access PHP code.

Regards,
Garvin

warlock · Post by **warlock** » Tue Feb 06, 2007 3:19 pm

yikes......ok thanks.....I'll read up on it.