'Twas brillig, and Elvin Şiriyev at 20/02/09 12:13 did gyre and gimble:
Hi,
i want users to change their profiles view (.phtml) script. but i don't
want user can write $_SESSION['user_id'] = 1;
how can i limit like that functions on view script ?
Zend_View view scripts are processed as PHP and as such you cannot limit
this kind of thing.
If you want to let users edit things, you should perhaps look at a
different template engine. I'm not familiar with it myself but perhaps
smarty will have sufficient protection here? Or you could use XSLT,
which I'm personally working on just now but it seems the mailing list
silently rejects any messages about it :s
Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited [http://www.tribalogic.net/]
Open Source:
Mandriva Linux Contributor [http://www.mandriva.com/]
PulseAudio Hacker [http://www.pulseaudio.org/]
Trac Hacker [http://trac.edgewall.org/]
