SeanP Posted January 22, 2021 Share Posted January 22, 2021 I know it is not recommended to use PHP tags in the Smarty templates, and that it poses risks to do so. However, I'm not 100% sure what exactly those risks would be. Can someone please elaborate on what the specific risks are in using PHP within the templates? 0 Quote Link to comment Share on other sites More sharing options...
Kian Posted January 24, 2021 Share Posted January 24, 2021 The security issue is that {php} tag gives designers the possibility to run PHP code. Except for developers, no one should be able to use PHP code. 1 Quote Link to comment Share on other sites More sharing options...
SeanP Posted January 25, 2021 Author Share Posted January 25, 2021 Thanks for the reply. So, it sounds like it might be more procedural (best practice), to help ensure the roles (developer, designer, etc) are clearly defined and protected. If the developer and designer are the same, it might be a moot point, but still would be best practice to divide the template code and PHP code for future separation of those roles. I was unsure if there were possible vulnerabilities from external hacks, or something that would make the PHP code less secure if executed through the template as apposed to a hook. 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.