What is a good dumbed-down, safe template system for PHP?
Posted
by Wilhelm
on Stack Overflow
See other posts from Stack Overflow
or by Wilhelm
Published on 2010-04-01T02:39:16Z
Indexed on
2010/04/01
2:43 UTC
Read the original article
Hit count: 388
(Summary: My users need to be able to edit the structure of their dynamically generated web pages without being able to do any damage.)
Greetings, ladies and gentlemen. I am currently working on a service where customers from a specific demographic can create a specific type of web site and fill it with their own content. The system is written in PHP.
Many of the users of this system wish to edit how their particular web site looks, or, more commonly, have a designer do it for them. Editing the CSS is fine and dandy, but sometimes that's not enough. Sometimes they want to shuffle the entire page structure around by editing the raw HTML of the dynamically created web pages.
The templating system used by WordPress is, as far as I can see, perfect for my use. Except for one thing which is critically important. In addition to being able to edit how comments are displayed or where the menu goes, someone editing a template can have that template execute arbitrary PHP code.
As the same codebase runs all these different sites, with all content in the same databse, allowing my users to run arbitrary code is clearly out of the question.
So what I need, is a dumbed-down, idiot-proof templating system where my users can edit most of the page structure on their own, pulling in the dynamic sections wherever, without being able to even echo 1+1;.
Observe the following psuedocode:
<!DOCTYPE html>
<title><!-- $title --></title>
<!-- header() -->
<!-- menu() -->
<div>Some random custom crap added by the user.</div>
<!-- page_content() -->
That's the degree of power I'd like to grant my users. They don't need to do their own loops or calculations or anything. Just include my variables and functions and leave the rest to me.
I'm sure I'm not the only person on the planet that needs something like this. Do you know of any ready-made templating systems I could use?
Thanks in advance for your reply.
© Stack Overflow or respective owner