Download the PHP package ayesh/phptemplate without Composer

On this page you can find all versions of the php package ayesh/phptemplate. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, include the autoloader once with require_once('vendor/autoload.php');. After that, import the classes with use statements.

Example:
If you use only one package, a project is not needed. But if you use more than one package, it is not possible to import the classes with use statements without a project.

In general, it is recommended to always use a project to download your libraries. An application normally needs more than one library.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • Using Composer is sometimes complicated, especially for beginners.
  • Composer needs a lot of resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.

Information about the package phptemplate

PHPTemplate

Lightweight, fast, and simple template engine in which you write templates in PHP.


PHPTemplate is a very simple and lightweight template engine in which you write your templates in PHP, while it still tries to help you write secure-by-default templates. It provides secure-by-default variable access and a few helper methods that you will learn in 30 seconds, and then you are all set to use it!

I wish we had more templating engines in PHP.

-- No one | ever.

In its simplest form, you can throw in any PHP file, and its output will be returned. You can optionally pass additional variables that will be made accessible inside the template, and these variables will be sanitized by default to make it difficult to forget sanitizing any user input.

Simple Example

Template file: test-template.php:

How to use template:

Example with variables

Template file: test-template.php:

How to use template:

Within the template, the special $v variable will be available, and will contain all the variables you provided at the time you instantiated the $template object.

Every time you access these variables, they will be sanitized by default. In the example above, note that the $vars['name'] variable contains JavaScript. If you do not sanitize this variable, it will be interpreted as JavaScript, making your site vulnerable to Cross-Site Scripting (XSS) attacks. However, the PHPTemplate library sanitizes these variables by default, which gives the following output:

The above snippet contains the HTML you used in the template file, but notice how the $vars['name'] variable is sanitized to HTML entities. Browsers will not interpret this as JavaScript, and will instead print the literal characters <script>alert("xss!");</script>. When you print this to the browser, your users will see the following, without the browser interpreting JavaScript:

Good morning <script>alert("xss!");</script>

Welcome to PHPTemplate

In addition to HTML sanitizing, this library provides sanitation for URLs as well. Consider the following template:

Template file: test-template.php:

Notice that in the template above, we access the user_website variable with a colon prefix (:). This will hint the template engine that we expect the URL to be sanitized.

A typical attack would be that the user provides a URL such as javascript:alert("xss"); that is technically a valid URI, but executes JavaScript when clicked. With PHPTemplate, you can easily sanitize these URLs so that the http://, https://, and ftp:// protocols are allowed, but a URL like the one above is not.

The above template will be rendered as:

Output:

The template above is safe, even though the variable we used was unsafe to use as-is.

Please refer to the full reference for more information.

Installation

You can easily install this library via Composer:

By default, the download will not contain the tests directory, which holds some templates used in automated tests. If you download the library as a Git clone, or in any other way (such as composer prefer source), please make sure the tests directory is not accessible via your web server. These scripts do not contain anything harmful, but they will output some random strings to the browser, which you do not want. The good news is that unless you explicitly download the source as-is, these tests will not be included.

After installing, you can include the composer autoloader:

Reference

Accessing variables

Note that the value returned by this kind of array access is guaranteed to be a string. If you access a variable that is not set, or one of any type other than a string, float, or integer, an empty string will be returned instead. This makes it easier to access variables when you are not sure whether they exist.

To access complex variables, you can use the $v->get('variable') helper function. It will return whatever variable you set initially. The returned value is not guaranteed to be a string, nor is it sanitized.
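
The access rules described above (HTML escaping on array access, the : prefix for URL sanitizing, an empty string for non-scalar values, and a raw get()) can be sketched as a small ArrayAccess wrapper. This is an added example, not PHPTemplate's own code: the SafeVars class and the sample values are hypothetical, and this sketch returns an empty string for a URL with a disallowed scheme, which is a choice made here.

```php
<?php
// Hypothetical sketch (SafeVars is not PHPTemplate's class): sanitize on every read.
final class SafeVars implements ArrayAccess
{
    private const SCHEMES = ['http', 'https', 'ftp'];
    private $vars;
    public function __construct(array $vars) { $this->vars = $vars; }

    // Raw value, unsanitized and of any type: the explicit opt-out.
    public function get(string $key) { return $this->vars[$key] ?? ''; }

    public function escape(string $s): string
    {
        // ENT_QUOTES also encodes ' and ", so the result is usable inside attributes.
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    public function url(string $url): string
    {
        // Browsers ignore tabs, newlines and leading controls in a URL, so strip
        // them before looking at the scheme ("java\tscript:" is still javascript:).
        $url = preg_replace('/[\x00-\x20]+/', '', $url) ?? '';
        // A scheme is whatever precedes the first ':' when no '/', '?' or '#' comes earlier.
        if (preg_match('/^([^\/?#:]*):/', $url, $m) && !in_array(strtolower($m[1]), self::SCHEMES, true)) {
            return ''; // sketch choice: reject the URL rather than try to repair it
        }
        return $this->escape($url);
    }

    public function offsetGet($key): string
    {
        $key = (string) $key;
        $isUrl = strncmp($key, ':', 1) === 0; // ':name' asks for URL sanitizing
        $value = $this->vars[$isUrl ? substr($key, 1) : $key] ?? '';
        if (!is_string($value) && !is_int($value) && !is_float($value)) {
            return ''; // arrays, objects, bools, null never reach the output implicitly
        }
        return $isUrl ? $this->url((string) $value) : $this->escape((string) $value);
    }

    public function offsetExists($key): bool { return isset($this->vars[ltrim((string) $key, ':')]); }
    public function offsetSet($key, $value): void { throw new LogicException('read-only'); }
    public function offsetUnset($key): void { throw new LogicException('read-only'); }
}

// Constructed sample input standing in for untrusted user data.
$v = new SafeVars(['name' => '<script>alert("xss!");</script>',
                   'user_website' => "java\tscript:alert('xss')", 'tags' => ['a', 'b']]);
printf("<p>Good morning %s</p>\n", $v['name']);              // HTML-escaped on read
printf("<a href=\"%s\">website</a>\n", $v[':user_website']); // scheme not on the allowlist
printf("<p>%s</p>\n", $v['tags']);                           // non-scalar value
```

Entity escaping of this kind covers HTML text and quoted attribute values; values placed inside script or style blocks, or in unquoted attributes, need encoding specific to that context.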

Helper methods

PHPTemplate provides a few helper methods that can help you build your template.


$v->get('variable'):

Returns the original variable set in new PHPTemplate(['variable' => foo]) call (foo in this case), or an empty string if not set. This return value is not sanitized. You can use the helper functions provided below to sanitize them as necessary.


$v->escape('foo')

Escapes the provided literal string to make sure it does not contain anything that would be interpreted as HTML. You can also use this escape method inside HTML attributes as it would also convert single and double quotes to HTML entities.


$v->url('https://example.com')

Sanitizes the provided URL making sure it only contains relative paths, or URIs whose protocol is http://, https://, or ftp://. Any other protocols such as javascript: will be removed.


$v->attributes(['foo' => 'bar'])

Expands the provided array into HTML attributes. In this example, you can use the template

that would result:


$v->error('Something went wrong')

This is a shortcut to throw an error of type TemplateError that the parent caller can catch. You will probably never need to use this method, but this is an easy way to throw an error if your template cannot proceed and you want to terminate and report it to the parent callers.

Contributions

Contributions are welcome! Please note that my goal is to have a bare minimum template engine that simply does the job and leaves anything complex to whoever writes the template. Performance improvements and simple+useful helper methods would be highly appreciated. For security issues, please contact me instead of reporting them in public issue queues.


All versions of phptemplate with dependencies

PHP Build Version
Package Version
Requires php Version ^7.2