Łukasz Palka | 5 Aug 2009 11:47

Accessing properties

Hello,

I recently started using PHPTAL and Doctrine. Unfortunately I cannot access some properties like:

<div tal:repeat="comment post/Comment">

but this works:

<div tal:repeat="comment php:post.Comment">

After deleting "else" from PHPTAL\Context.php, line: 279:
            // ask __get and discard if it returns null
            /*else*/ if (method_exists($base,'__get') && is_callable(array($base, '__get')))
            {
                $tmp = $base->$current;
                if (NULL !== $tmp){
                    $base = $tmp;
                    continue;
                }
            }

it works fine.

Is this a bug in PHPTAL or maybe Doctrine programmers made something strange or...? I am not a pro php programmer, so maybe I am wrong :)

_______________________________________________
PHPTAL mailing list
PHPTAL@...
http://lists.motion-twin.com/mailman/listinfo/phptal
Kornel Lesiński | 5 Aug 2009 12:40

Re: Accessing properties

On 05-08-2009 at 10:47:49 Łukasz Palka <lukasz.palka2@...> wrote:

> I recently started using PHPTAL and Doctrine. Unfortunately I cannot
> access some properties like:
>
> <div tal:repeat="comment post/Comment">
>
> but this works:
>
> <div tal:repeat="comment php:post.Comment">
>
> After deleting "else" from PHPTAL\Context.php, line: 279:
>             // ask __get and discard if it returns null
>             /*else*/ if (method_exists($base,'__get') &&
> is_callable(array($base, '__get')))
>             {
>                 $tmp = $base->$current;
>                 if (NULL !== $tmp){
>                     $base = $tmp;
>                     continue;
>                 }
>             }
>
> it works fine.

This will introduce bugs in code that implements __isset() and __get()  
properly.

> Is this a bug in PHPTAL or maybe Doctrine programmers made something  
> strange
> or...? I am not a pro php programmer, so maybe I am wrong :)

IMHO this is a bug in the framework - it implements __isset() which returns  
invalid information.

If __isset() returns false it means that property doesn't exist, PHPTAL  
believes it and won't try to read "non-existent" property.

I suggest changing the framework so that __isset() always returns true for  
all properties that are allowed to be read.

-- 
regards, Kornel
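
Kornel's point about `__isset()` agreeing with `__get()`, as an added example that is not PHPTAL or Doctrine code: `read_if_set()` is a simplified stand-in for a lookup that trusts `isset()`, and the record classes and their data are hypothetical.

```php
<?php
// Added example: simplified stand-in for a template path lookup, not PHPTAL's code.
// Assumption: the lookup asks isset() first and reads the property only on true.
function read_if_set(object $base, string $name)
{
    return isset($base->$name) ? $base->$name : null;
}

// Hypothetical lazy-loading record: a relation is loaded on the first __get().
abstract class LazyRecord
{
    protected $loaded = array();
    protected $relations = array('Comment');   // names that __get() can serve

    public function __get($name)
    {
        if (!in_array($name, $this->relations, true)) {
            return null;
        }
        if (!array_key_exists($name, $this->loaded)) {
            // Constructed data standing in for a database query.
            $this->loaded[$name] = array('first comment', 'second comment');
        }
        return $this->loaded[$name];
    }
}

// __isset() reports only what is already loaded, so the lookup skips the relation.
class InconsistentPost extends LazyRecord
{
    public function __isset($name)
    {
        return isset($this->loaded[$name]);
    }
}

// __isset() reports every property that __get() is allowed to return.
class ConsistentPost extends LazyRecord
{
    public function __isset($name)
    {
        return in_array($name, $this->relations, true);
    }
}

var_export(read_if_set(new InconsistentPost(), 'Comment')); echo "\n";
var_export(read_if_set(new ConsistentPost(), 'Comment'));   echo "\n";
```
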
Łukasz Palka | 5 Aug 2009 12:45

Re: Accessing properties

>> I recently started using PHPTAL and Doctrine. Unfortunately I cannot access
>> some properties like:
>
> This will introduce bugs in code that implements __isset() and __get() properly.

I thought so :-/

Thanks
Szymek Przybył | 5 Aug 2009 12:50

Re: Accessing properties

Hi Łukasz!

I had the same problem as you, but I am using PHPTAL with the Kohana 
Framework. There are ORM models, which represent tables in the 
database; this also handles relationships. For example: I have a 
User_Model object in $user, then when I want to get all his comments, I 
use: $user->comments :-) But in PHPTAL templates "user/comments" doesn't 
work, only "php: user.comments", as in your case.

To also handle ORM relations via PHPTAL templates, I modified the 
phptal_path function in PHPTAL/Context.php; I added just this there:

if ($base instanceof ORM) {
     $base = $base->$current;
     continue;
}

And now ORM relations work correctly, so in your case you have to 
enable the equivalent of ORM models in Doctrine :-)

Cheers!
Szymek
Richard Cernava | 6 Aug 2009 19:48

disabling PHPTal parsing for blocks

Hi,

  I'm at a loss to find a method to disable PHPTAL parsing for a block of
XML/HTML. I am aware that placing anything in a comment exempts
it from being parsed, but I have not found another method.

What I'm wanting to do is as follows:

<div tal:no-parse="true">
${abc}
</div>

Am I totally missing this?

Thanks!
Richard Cernava
Ionut Matei | 6 Aug 2009 23:53

Fwd: stripping or escaping php code in templates

If a template contains php code, it gets into the compiled template and will be executed...

I think a pre-filter can be created for stripping php code, but is there a feature or setting in PHPTAL for preventing executing php code placed inside php tags (e.g. like $php_handling in smarty)?


thanks.

Richard Cernava | 7 Aug 2009 03:52

Re: Fwd: stripping or escaping php code in templates

Ionut Matei <johnutzm <at> ...> writes:

> If a template contains php code, it gets into the compiled template and will
> be executed...
>
> I think a pre-filter can be created for stripping php code, but is
> there a feature or setting in PHPTAL for preventing executing php code placed
> inside php tags (e.g. like $php_handling in smarty)?
>
> thanks.

Hi,

  My solution was to modify the XML parser to add this support.

In XmlParser.php

1. Disable ST_PREPROC
  comment out $builder->onProcessingInstruction(substr($src, $mark, $i-$mark+1));

2. Remove any language attribute with the value of php in a script tag
                case self::ST_ATTR_QUOTE:
                    if ($c === $quoteStyle) {
                        $value = $this->sanitizeEscapedText(substr($src, $mark, $i-$mark));
                        if (!(strtolower($tagname) == 'script' && strtolower($attribute) == 'language' && strtolower($value) == 'php'))
                            $attributes[$attribute] = $value;

3. Filter CDATA and comments through a removePHP function
$builder->onCDATASection($this->removePHP(substr($src, $mark, $i-$mark-2)));
$builder->onComment($this->removePHP(substr($src, $mark, $i-$mark+1)));

    private function removePHP($source)
    {
        if (preg_match_all('/(<\?(php|=)?|\?>|language\s*=\s*["\']?php["\']?)/is', $source, $matches)) {
            $matches[1] = array_unique($matches[1]);

            foreach ($matches[1] as $key => $value) {
                $source = str_replace($value, '', $source);
            }
        }
        return $source;
    }

The other way to handle the comment and CDATA would be to encapsulate them in a
php echo statement:

<?echo <<<NOPHPALLOWED
...CDATA OR COMMENTS...
NOPHPALLOWED;
?>

Or you could add a pre-filter like so:

class removePHP implements PHPTAL_Filter {
    public function filter($source){
        if (preg_match_all('/(<\?(php|=)?|\?>|language\s*=\s*["\']?php["\']?)/is', $source, $matches)) {
            $matches[1] = array_unique($matches[1]);

            foreach ($matches[1] as $key => $value) {
                $source = str_replace($value, '', $source);
            }
        }
        return $source;
    }
}
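
The removePHP filter above deletes each matched token in a single pass with `str_replace`. The following added example (not from the thread or from PHPTAL) runs that pattern over constructed input and compares it with a repeat-until-stable variant; the function names are hypothetical.

```php
<?php
// Added example, not PHPTAL code. The pattern is the one from removePHP above.
const PHP_MARKUP = '/(<\?(php|=)?|\?>|language\s*=\s*["\']?php["\']?)/is';

// One pass, as in the posted filter: delete each distinct match once.
function strip_once(string $source): string
{
    if (preg_match_all(PHP_MARKUP, $source, $matches)) {
        foreach (array_unique($matches[1]) as $token) {
            $source = str_replace($token, '', $source);
        }
    }
    return $source;
}

// Hypothetical hardened variant: repeat until a pass changes nothing, so a
// deletion cannot join the surrounding characters into a new token.
function strip_until_stable(string $source): string
{
    do {
        $before = $source;
        $source = strip_once($source);
    } while ($source !== $before);
    return $source;
}

// Post-condition a pre-filter should enforce before handing text to the parser.
function contains_php_markup(string $source): bool
{
    return preg_match(PHP_MARKUP, $source) === 1;
}

// Constructed inputs: a plain block, and one where a token sits inside another.
$samples = array(
    'plain'  => '<p><?php echo 1; ?></p>',
    'nested' => '<p><<?php?php echo 1; ?></p>',
);

foreach ($samples as $label => $input) {
    printf(
        "%-6s once: %-5s stable: %s\n",
        $label,
        var_export(contains_php_markup(strip_once($input)), true),
        var_export(contains_php_markup(strip_until_stable($input)), true)
    );
}
```

Stripping `<?php ?>` markup does not cover the `php:` expression prefix, which Kornel raises in his reply in this thread.
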
Richard Cernava | 7 Aug 2009 04:08

Re: Fwd: stripping or escaping php code in templates

Richard Cernava <cernava <at> ...> writes:

Oh yeah, you do have to filter the attribute values as well because they are
allowed to have php in them.
Kornel Lesiński | 7 Aug 2009 11:05

Re: Fwd: stripping or escaping php code in templates

On 06-08-2009 at 22:53:22 Ionut Matei <johnutzm@...> wrote:

> If a template contains php code, it gets into the compiled template and  
> will be executed...
>
> I think a pre-filter can be created for stripping php code, but is there  
> a feature or setting in PHPTAL for preventing executing php code placed  
> inside php tags (e.g. like $php_handling
> <http://www.smarty.net/manual/en/variable.php.handling.php> in smarty)?

Currently there isn't such an option. PHPTAL has been designed with the  
assumption that template authors can be trusted.

With a few small changes you can disable <?php ?> blocks in templates and  
the php: prefix, but I cannot guarantee that there are no other ways to  
execute arbitrary PHP in PHPTAL.

-- 
regards, Kornel
Kornel Lesiński | 7 Aug 2009 11:23

Re: disabling PHPTal parsing for blocks

On 06-08-2009 at 18:48:46 Richard Cernava <cernava@...> wrote:

>   I'm at a loss to find a method to disable PHPTAL parsing for a block of
> XML/HTML. I am aware that placing anything in a comment exempts
> it from being parsed, but I have not found another method.
>
> What I'm wanting to do is as follows:
>
> <div tal:no-parse="true">
> ${abc}
> </div>
>
> Am I totally missing this?

I'm not sure what exactly you want.

If you want to output ${abc} literally on the page, then write $${abc}.  
There's no attribute for this.

If you want to hide the content of an element, then <div tal:replace=""> will  
work (and if you wrap the content in <![CDATA[ ]]>, you won't need to worry  
about closing tags, etc. inside the element).

-- 
regards, Kornel
