(2012-11-25, 04:35 PM)euantor Wrote: [ -> ]Though I believe Blade also allows the execution of PHP functions so you might want to alter it a little. For example, the following would both work:
{{ phpinfo() }}
{{ die("Whatever...") }}
etc.
You can execute most if not all php commands in Blade. I am not sure if there are any restrictions. You usually won't have too though, considering it is mostly (for me anyways) used for built-in Laravel classes and functions.
True but if he's going to be using it for a re-distributable piece of software you need to be careful - some people may have malicious intentions and letting any function run isn't too safe.
(2012-11-27, 08:56 AM)euantor Wrote: [ -> ]True but if he's going to be using it for a re-distributable piece of software you need to be careful - some people may have malicious intentions and letting any function run isn't too safe.
If its an opensource piece of software. anyone could modify the source code anyways. Running php functions in blade won't make any difference would it not?
True, though I don't think I'm conveying my meaning properly. Look at MyBB as an example. If he's going to allow themes to be distributed, he'll want to minimize the number of available functions. In MyBB we don't let you just use any old function or anything in templates for reasons of security.
I see, so In a sense, you want to restrict people from making stupid decisions. Fair enough.
Pretty much, yeah
Cheers guys