The Dangers of Smarty PHP Tags

CWebguy · Post by **CWebguy** » Sun Mar 01, 2009 1:28 am

Can someone explain to me the dangers of smarty PHP tags?

thanks.

viebig · Post by **viebig** » Sun Mar 01, 2009 5:28 am

an editor could add malicious php code

CWebguy · Post by **CWebguy** » Mon Mar 16, 2009 2:44 pm

If people don't have access to the site, as far as editors? Any danger then?

Thanks.

tyman00 · Post by **tyman00** » Tue Mar 17, 2009 1:58 pm

No if you are the only one that will modify content or if you trust those with access to the admin panel it is safe. May I suggest that you use a UDT instead of the smarty PHP tags? If you ever added editors you can restrict access to that, but you cannot prevent anyone from using malicious PHP if you turn those tags on.

CWebguy · Post by **CWebguy** » Sat Mar 21, 2009 11:04 pm

How about through the search bar? Any danger there?

Blessings.

tyman00 · Post by **tyman00** » Sun Mar 22, 2009 2:44 am

As far as I know it should not be an issue on the front end. The PHP tags are used in the WYSIWYG in the admin area.

CWebguy · Post by **CWebguy** » Sun Mar 22, 2009 5:34 am

cool, gotcha, thanks.

CMS Made Simple Forums

The Dangers of Smarty PHP Tags

The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags

Re: The Dangers of Smarty PHP Tags