Is it a security risk to place PHP in the view?
#1

[eluser]vtx220[/eluser]
I was wondering if it posed any kind of security risk to place certain PHP conditionals in the view file on occasion? Sometimes it's just so much more efficient to do it this way, but I'm not sure how it would be possible to make it a security risk.

i.e.: <?if($ia==1):?>stuff happens here<?endif;?>

The view files can't be loaded directly and have to be referred by a page on the website such as a controller or another view file. XSS security implementations have also been implemented to prevent access to the view files via form securities, but obviously I'm new to this so there's much to learn lol

EDIT: I just realized something. I believe CodeIgniter has aliases or whatever, so could it be theoretically possible to write some sort of alias code such as BBCode? That said something like <?if($ia..... would be [!thisisanalias!]. Would this be a better solution?
#2

[eluser]InsiteFX[/eluser]
You cannot view PHP in a running view file. Run your app and then in your browser do a view page source!



