Prevent templates from accessing business classes statically

I have a framework (of sorts) that has Presentation logic & Business logic.

My problem is that the Business logic calls methods statically, therefore, no instance of the class is needed. One of these classes is called Config that holds (some) dangerous info (like DB connection info). So how do I stop the presentation logic from doing this:

var_dump(Config::get('database'));

If your templates have the ability to execute arbitrary PHP code you cannot.

Unless you have a template engine where templates are fully "sandboxed" you cannot allow untrusted users to edit templates.

However, for database connection information, you could simply unset those variables after they've been used. Doesn't stop someone from writing PHP code in his template which reads the config file again though ...
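
The "unset after use" suggestion from the answer above, as an added example that is not part of the original posts. `Config::load()`, `Config::forget()`, the sample settings and the in-memory SQLite DSN are assumptions made for illustration; only `Config::get('database')` comes from the question.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the question's Config class. load() and forget()
// are assumed helpers added for this example.
final class Config
{
    private static array $values = [];

    public static function load(array $values): void
    {
        self::$values = $values;
    }

    public static function get(string $key)
    {
        return self::$values[$key] ?? null;
    }

    // Drop a setting once the business logic no longer needs it.
    public static function forget(string $key): void
    {
        unset(self::$values[$key]);
    }
}

// Constructed sample settings; a real application would read them from a file.
Config::load([
    'site_name' => 'Example',
    'database'  => ['dsn' => 'sqlite::memory:', 'user' => 'app', 'pass' => 'constructed-secret'],
]);

// Business logic: open the connection first, then discard the credentials.
$db  = Config::get('database');
$pdo = new PDO($db['dsn'], $db['user'], $db['pass']);
unset($db);
Config::forget('database');

// Presentation logic: this closure stands in for a template file that is
// included only after the credentials were removed.
$template = static function (): void {
    echo '<h1>', htmlspecialchars(Config::get('site_name')), "</h1>\n";
    var_dump(Config::get('database'));
};
$template();
```

Running this requires the pdo_sqlite extension. Only the in-memory copy is cleared: as the answer notes, a template that can execute PHP can still read the config file again.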
