diff options
| author | Uwe Tews <uwe.tews@googlemail.com> | 2015-01-22 03:53:01 +0100 |
|---|---|---|
| committer | Uwe Tews <uwe.tews@googlemail.com> | 2015-01-22 03:53:01 +0100 |
| commit | 1a781b39b19c64aac0a97610a77cc93dd41a34d0 (patch) | |
| tree | 2d3cc54502e269baa4dbc3668297bfea5f57eddb /NEW_FEATURES.txt | |
| parent | ec19bc763f10f53aaf4db5c07bc0e3b22d273ef0 (diff) | |
| download | smarty-1a781b39b19c64aac0a97610a77cc93dd41a34d0.tar.gz smarty-1a781b39b19c64aac0a97610a77cc93dd41a34d0.tar.bz2 smarty-1a781b39b19c64aac0a97610a77cc93dd41a34d0.zip | |
new feature: security can now control access to static methods and properties
see also NEW_FEATURES.txt
Diffstat (limited to 'NEW_FEATURES.txt')
| -rw-r--r-- | NEW_FEATURES.txt | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/NEW_FEATURES.txt b/NEW_FEATURES.txt index fdc387c5..07700c95 100644 --- a/NEW_FEATURES.txt +++ b/NEW_FEATURES.txt @@ -24,6 +24,33 @@ Smarty 3.1.22 The main template is level 1. The nesting level is checked at run time. When the maximum will be exceeded an Exception will be thrown. The default setting is 0 which does disable this check. + - trusted static methods - + The Smarty_Security class has the new property $trusted_static_methods to restrict access to static methods. + It's an nested array of trusted class and method names. + Format: + array ( + 'class_1' => array('method_1', 'method_2'), // allowed methods + 'class_2' => array(), // all methods of class allowed + ) + To disable access for all methods of all classes set $trusted_static_methods = null; + The default value is an empty array() which does enables all methods of all classes, but for backward compatibility + the setting of $static_classes will be checked. + + - trusted static properties - + The Smarty_Security class has the new property $trusted_static_properties to restrict access to static properties. + It's an nested array of trusted class and property names. + Format: + array ( + 'class_1' => array('prop_1', 'prop_2'), // allowed properties listed + 'class_2' => array(), // all properties of class allowed + } + To disable access for all properties of all classes set $trusted_static_properties = null; + The default value is an empty array() which does enables all properties of all classes, but for backward compatibility + the setting of $static_classes will be checked. + + + + Compiled Templates ================== Smarty does now automatically detect a change of the $merge_compiled_includes and $escape_html |
