Page 1 of 1
The Dangers of Smarty PHP Tags
Posted: Sun Mar 01, 2009 1:28 am
by CWebguy
Can someone explain to me the dangers of smarty PHP tags?
thanks.
Re: The Dangers of Smarty PHP Tags
Posted: Sun Mar 01, 2009 5:28 am
by viebig
an editor could add malicious php code
Re: The Dangers of Smarty PHP Tags
Posted: Mon Mar 16, 2009 2:44 pm
by CWebguy
If people don't have access to the site, as far as editors? Any danger then?
Thanks.
Re: The Dangers of Smarty PHP Tags
Posted: Tue Mar 17, 2009 1:58 pm
by tyman00
No if you are the only one that will modify content or if you trust those with access to the admin panel it is safe. May I suggest that you use a UDT instead of the smarty PHP tags? If you ever added editors you can restrict access to that, but you cannot prevent anyone from using malicious PHP if you turn those tags on.
Re: The Dangers of Smarty PHP Tags
Posted: Sat Mar 21, 2009 11:04 pm
by CWebguy
How about through the search bar? Any danger there?
Blessings.
Re: The Dangers of Smarty PHP Tags
Posted: Sun Mar 22, 2009 2:44 am
by tyman00
As far as I know it should not be an issue on the front end. The PHP tags are used in the WYSIWYG in the admin area.
Re: The Dangers of Smarty PHP Tags
Posted: Sun Mar 22, 2009 5:34 am
by CWebguy
cool, gotcha, thanks.