Hi,
is there a way to avoid using the absolute paths in the custom block manager and the page footer of OMP 1.2?
In the custom block plugin it works for me to change {$customBlockContent} into {eval var=$customBlockContent} in block.tpl to use variables and smarty instructions,but the same does not work for the footer. I get an authorizationDenied-message in some cases there.
best,
Carola
Hi @carola,
That’s an interesting modification to customBlockContent – it does introduce a bit of a security risk in that anyone permitted to edit custom blocks can execute arbitrary PHP, but if you think it’s worth the risk, I don’t see any other problems with it.
For the footer, which footer template are you modifying, and how are you changing it?
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @asmcher,
it works now for the footer (lib/pkp/templates/frontend/components/footer.tpl)
{eval var=$pageFooter} instead of {$pageFooter}
when using only router instructions like:
{url router=$smarty.const.ROUTE_PAGE page=‘contact’}
Are you sure one can execute any PHP-code? It’s only in the template.
best,
Carola
Hi @carola,
You can embed arbitrary PHP in Smarty using {php}...{/php} tags. I believe Smarty has some provisions for allowing/refusing certain kinds of tags, so it might be able to make it safer, but I’m not very familiar with that aspect of Smarty.
Regards,
Alec Smecher
Public Knowledge Project Team
Hi @carola,
One solution that doesn’t permit embedding of PHP: Identify the code where the page footer is provided to the template manager… (See classes/template/TemplateManager.inc.php)
$this->assign('pageFooter', $context->getLocalizedSetting('pageFooter'));
…and add some variable replacement to it:
$this->assign('pageFooter', str_replace(
array('{$baseUrl}'),
array($this->request->getBaseUrl()),
$context->getLocalizedSetting('pageFooter')
));
Then you could use {$baseUrl} in the footer.
Regards,
Alec Smecher
Public Knowledge Project Team