1. Go to this page and download the library: Download rotexsoft/file-renderer library. Choose the download type require.
2. Extract the ZIP file and open the index.php.
3. Add this code to the index.php.
<?php
require_once('vendor/autoload.php');
/* Start to develop here. Best regards https://php-download.com/ */
rotexsoft / file-renderer example snippets
//To render a php file named `view.php` located in the `views` sub-directory
//within the directory containing this php script, use the code below:
// Directory list for view files; './views' is the sub-directory that holds view.php.
$file_paths = [ './views' ]; //you can also use absolute paths
// The keys of the $view_data array defined further down will be converted to
// variables when rendering a view file. For example, a variable named
// `$paragraph_data_from_file_renderer` with the value `'This is a Paragraph!!'`
// will be available to the view during rendering.
//
// The three values below are deliberately hostile samples, used to show what
// each escaper has to neutralise.
// Written unescaped into a <style> block, this one would close the element and
// open a <script> element.
$bad_css_with_xss = <<<INPUT
body { background-image: url('http://example.com/foo.jpg?'); }</style>
<script>alert('You\\'ve been XSSed!')</script><style>
INPUT;
// Written unescaped into a double-quoted attribute, these two would end the
// attribute value and add an event-handler attribute.
$bad_css_with_xss2 = ' display: block; " onclick="alert(\'You\\\'ve been XSSed!\'); ';
$bad_url_segment_with_xss = ' " onmouseover="alert(\'zf2\')';
// Each key name states the output context its value is meant for. A value is
// only appropriate in the context it was escaped for.
$view_data = [
'paragraph_data_from_file_renderer' => 'This is a Paragraph!!',
'var_that_should_be_html_escaped' => '<script>alert("zf2");</script>',
'var_that_should_be_html_attr_escaped' => 'faketitle" onmouseover="alert(/ZF2!/);',
'var_that_should_be_css_escaped' => $bad_css_with_xss,
'another_var_that_should_be_css_escaped' => $bad_css_with_xss2,
'var_that_can_be_safely_js_escaped' => "javascript's cool",
'a_var_that_can_be_safely_js_escaped' => '563',
// NOTE(review): this value is a JavaScript statement rather than plain data.
// Presumably JS escaping only makes a value safe as string data and cannot make
// it safe to run as code - confirm against the library documentation.
'a_var_that_cant_be_guaranteed_to_be_safely_js_escaped' => ' var x = \'Yo!\'; alert(x); ',
// NOTE(review): the escaping examples further down this page pass lists for
// html, html-attr, css and js escaping only. How this value gets URL-escaped is
// not shown in the part of the snippet that survives here - verify before
// emitting it into a URL.
'var_that_should_be_url_escaped' => $bad_url_segment_with_xss,
];
//You MUST
<!DOCTYPE html>
<html>
<head>
<title>Escaped Entities</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style>
// CSS escaping is being applied to the variable below
// Two ways of creating a Renderer: with and without initial view data.
//data to supply when the Renderer object is created / instantiated
$view_data = [ 'paragraph_data_from_file_renderer' => 'This is a Paragraph!!' ];
//pass $view_data to the constructor to set view data during object creation
// NOTE(review): no escape lists are passed here. A later comment on this page
// states that omitting them leaves escaping disabled, so values reach the view
// exactly as supplied.
$renderer = new \Rotexsoft\FileRenderer\Renderer('./views/view.php', $view_data);
//NOTE: elements of the view data array supplied during construction time
// can be updated or deleted after object creation.
//NOTE: if no view data array is supplied during object creation, the view
// data for the created object will have a default value of an empty
// array.
$renderer = new \Rotexsoft\FileRenderer\Renderer();
// Setting and then updating one entry of the renderer's view data.
//Set data using object assignment syntax.
//Since view data was not supplied during object creation in this
//example the value below is being set for the first time for
//`paragraph_data_from_file_renderer` inside the internal view
//data array.
$renderer->paragraph_data_from_file_renderer = 'This is a Paragraph!!';
//OR set data using the setVar() method
// $renderer->setVar('paragraph_data_from_file_renderer', 'This is a Paragraph!!');
//This will update the value of `paragraph_data_from_file_renderer` in the
//internal view data array (ie. the protected `data` property in \Rotexsoft\FileRenderer\Renderer).
// NOTE(review): a later comment on this page says view data is escaped once, on
// the first render call. Whether a value reassigned after that first render is
// escaped again is not shown - verify before reassigning untrusted data on a
// renderer that has already rendered.
$renderer->paragraph_data_from_file_renderer = 'This is a new Paragraph!!';
// Reading an entry of the view data back from the renderer. Both expressions
// below are shown only for their value; as written, the result is discarded.
$view_data = [ 'paragraph_data_from_file_renderer' => 'This is a Paragraph!!' ];
$renderer = new \Rotexsoft\FileRenderer\Renderer('./views/view.php', $view_data);
//You can access the value of `paragraph_data_from_file_renderer` like this:
$renderer->paragraph_data_from_file_renderer;
//OR like this:
$renderer->getVar('paragraph_data_from_file_renderer');
// NOTE(review): once escaping is enabled and a render call has run, it is not
// shown here whether these accessors return the raw or the escaped value -
// confirm before using the result outside a view.
// Removing an entry from the renderer's view data after construction.
$view_data = [ 'paragraph_data_from_file_renderer' => 'This is a Paragraph!!' ];
$renderer = new \Rotexsoft\FileRenderer\Renderer('./views/view.php', $view_data);
//You can completely remove the `paragraph_data_from_file_renderer` entry
//inside the internal view data array after the Renderer object creation
//like this:
unset($renderer->paragraph_data_from_file_renderer);
// Passing a list of directories as the third constructor argument.
$file_paths = [ './views/controller1', './views/base-controller' ];
$view_data = [ 'paragraph_data_from_file_renderer' => 'This is a Paragraph!!' ];
$renderer = new \Rotexsoft\FileRenderer\Renderer('./views/view.php', $view_data, $file_paths);
//$renderer->renderToScreen() OR $renderer->renderToScreen('./views/view.php');
//will both lead to the rendering of './views/view.php'
// NOTE(review): view files are PHP scripts, so presumably whichever file the
// renderer resolves is executed. Keep the file name and $file_paths fixed by
// the application and never build them from request data - confirm how the
// library resolves a file name against these paths.
// Editing the renderer's list of file paths after construction. Here the view
// is named as a bare file name ('view.php') together with $file_paths.
$file_paths = [ './views/controller1', './views/base-controller' ];
$view_data = [ 'paragraph_data_from_file_renderer' => 'This is a Paragraph!!' ];
$renderer = new \Rotexsoft\FileRenderer\Renderer('view.php', $view_data, $file_paths);
// Removes './views/controller1' from the file paths array;
// $renderer->getFilePaths() at this point will return [ './views/base-controller' ]
$renderer->removeFirstNPaths(1);
// Adds './views/controller1' to the end of the file paths array;
// $renderer->getFilePaths() at this point will return
// [ './views/base-controller', './views/controller1' ]
$renderer->appendPath('./views/controller1');
// Removes the last entry of the file paths array.
// NOTE(review): the original comment here said this removes
// './views/base-controller' and leaves [ './views/controller1' ], but by the
// comments above the last entry at this point is './views/controller1', and
// that is also what the result stated after prependPath() below requires.
// Confirm against the library.
$renderer->removeLastNPaths(1);
// Adds './views/base-controller' to the front of the file paths array;
// $renderer->getFilePaths() at this point will return
// [ './views/base-controller', './views/controller1' ]
$renderer->prependPath('./views/base-controller');
<!DOCTYPE html>
<html>
<head>
<title>Encodings set correctly!</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div>
What framework are you using?
echo $var_that_should_be_html_escaped;
// Example: enabling escaping when the Renderer is constructed.
// The sample values below are deliberately hostile; each one shows what the
// matching escaper has to neutralise.
$file_paths = [];
// Written unescaped into a <style> block, this value would close the element
// and open a <script> element.
$bad_css_with_xss = <<<INPUT
body { background-image: url('http://example.com/foo.jpg?'); }</style>
<script>alert('You\\'ve been XSSed!')</script><style>
INPUT;
// Written unescaped into a double-quoted attribute, this value would end the
// attribute value and add an onclick handler.
$bad_css_with_xss2 = ' display: block; " onclick="alert(\'You\\\'ve been XSSed!\'); ';
// Each key name states the output context its value is meant for.
$view_data = [
'var_that_should_be_html_escaped' => '<script>alert("zf2");</script>',
'var_that_should_be_html_attr_escaped' => 'faketitle" onmouseover="alert(/ZF2!/);',
'var_that_should_be_css_escaped' => $bad_css_with_xss,
'another_var_that_should_be_css_escaped' => $bad_css_with_xss2,
'var_that_can_be_safely_js_escaped' => "javascript's cool",
'a_var_that_can_be_safely_js_escaped' => '563',
// NOTE(review): this value is a JavaScript statement rather than plain data.
// Presumably JS escaping cannot make it safe to run as code - confirm.
'a_var_that_cant_be_guaranteed_to_be_safely_js_escaped' => ' var x = \'Yo!\'; alert(x); ',
];
// The four lists below name, per output context, the $view_data keys to escape.
// NOTE(review): the view fragment shown on this page prints
// `$var_that_should_be_html_escaped` with a plain `echo`, so a key that is
// missing from the list for its context reaches the browser unescaped. Keep
// the lists in step with what the views actually print.
//an array of key(s) in the data array whose value(s) should each be html escaped
$data_vars_2_be_html_escaped = ['var_that_should_be_html_escaped'];
//an array of key(s) in the data array whose value(s) should each be html attr escaped
$data_vars_2_be_html_attr_escaped = ['var_that_should_be_html_attr_escaped'];
//an array of key(s) in the data array whose value(s) should each be css escaped
$data_vars_2_be_css_escaped = [
'var_that_should_be_css_escaped',
'another_var_that_should_be_css_escaped'
];
//an array of key(s) in the data array whose value(s) should each be js escaped
$data_vars_2_be_js_escaped = [
'var_that_can_be_safely_js_escaped',
'a_var_that_can_be_safely_js_escaped',
'a_var_that_cant_be_guaranteed_to_be_safely_js_escaped'
];
$escape_encoding = 'utf-8'; // should be the same encoding in which the document is served
// to the browser (ie. the encoding defined in your html document).
//Escaping functionality is being enabled in the call to the constructor
//below because we are passing the $data_vars_2_be_*_escaped arrays to the
//constructor. By default, if these escape parameters are not supplied to
//the constructor, they will each internally be assigned an empty array
//value (meaning that escaping is disabled).
$renderer = new \Rotexsoft\FileRenderer\Renderer(
'', //file name can be blank, but should be supplied when any render*() method is called
$view_data,
$file_paths,
$escape_encoding,
$data_vars_2_be_html_escaped,
$data_vars_2_be_html_attr_escaped,
$data_vars_2_be_css_escaped,
$data_vars_2_be_js_escaped
);
// The escaping of the view data occurs only once, during this first call to
// renderToScreen, in order to prevent escaping the same data more than once.
$renderer->renderToScreen('./views/view-with-escapable-html.php');
// The three calls below bind the already escaped data to their views.
// Each variable has been escaped for one context only (the one whose list names
// it), so every view should print it in that context and no other.
$renderer->renderToScreen('./views/view-with-escapable-html-attrs.php');
// renderToString returns the rendered output instead of printing it.
$rendered_view = $renderer->renderToString('./views/view-with-escapable-css.php');
$renderer->renderToScreen('./views/view-with-escapable-js.php');
// Example: enabling escaping per render call instead of in the constructor.
// The sample values below are deliberately hostile test inputs.
$bad_css_with_xss = <<<INPUT
body { background-image: url('http://example.com/foo.jpg?'); }</style>
<script>alert('You\\'ve been XSSed!')</script><style>
INPUT;
$bad_css_with_xss2 = ' display: block; " onclick="alert(\'You\\\'ve been XSSed!\'); ';
// Each key name states the output context its value is meant for.
$view_data = [
'var_that_should_be_html_escaped' => '<script>alert("zf2");</script>',
'var_that_should_be_html_attr_escaped' => 'faketitle" onmouseover="alert(/ZF2!/);',
'var_that_should_be_css_escaped' => $bad_css_with_xss,
'another_var_that_should_be_css_escaped' => $bad_css_with_xss2,
'var_that_can_be_safely_js_escaped' => "javascript's cool",
'a_var_that_can_be_safely_js_escaped' => '563',
'a_var_that_cant_be_guaranteed_to_be_safely_js_escaped' => ' var x = \'Yo!\'; alert(x); ',
];
//an array of key(s) in the data array whose value(s) should each be html escaped
$data_vars_2_be_html_escaped = ['var_that_should_be_html_escaped'];
//an array of key(s) in the data array whose value(s) should each be html attr escaped
$data_vars_2_be_html_attr_escaped = ['var_that_should_be_html_attr_escaped'];
//an array of key(s) in the data array whose value(s) should each be css escaped
$data_vars_2_be_css_escaped = [
'var_that_should_be_css_escaped',
'another_var_that_should_be_css_escaped'
];
//an array of key(s) in the data array whose value(s) should each be js escaped
$data_vars_2_be_js_escaped = [
'var_that_can_be_safely_js_escaped',
'a_var_that_can_be_safely_js_escaped',
'a_var_that_cant_be_guaranteed_to_be_safely_js_escaped'
];
$escape_encoding = 'utf-8'; // should be the same encoding in which the document is served
// to the browser (ie. the encoding defined in your html document).
//create a renderer
$renderer = new \Rotexsoft\FileRenderer\Renderer();
//Escaping functionality is being enabled in the call to renderToScreen
//below because we are passing the $data_vars_2_be_*_escaped arrays to it.
//By default, if these escape parameters are not supplied, they will each
//internally be assigned an empty array value and merged with their
//corresponding internal \Rotexsoft\FileRenderer\Renderer property
//values for $renderer->data_vars_2_html_escape, $renderer->data_vars_2_css_escape,
//$renderer->data_vars_2_html_attr_escape and $renderer->data_vars_2_js_escape.
//Note that these properties are protected and not externally accessible.
// NOTE(review): with this style the escape lists have to be repeated on every
// call. A call that leaves them out falls back to the renderer's internal lists,
// which are empty for a renderer constructed without them, as this one is.
//
// The escaping of the view data occurs only once, during this first call to
// renderToScreen, in order to prevent escaping the same data more than once.
$renderer->renderToScreen(
'./views/view-with-escapable-html.php',
$view_data,
$escape_encoding,
$data_vars_2_be_html_escaped,
$data_vars_2_be_html_attr_escaped,
$data_vars_2_be_css_escaped,
$data_vars_2_be_js_escaped
);
// For each of the three calls below: the data already escaped in the first
// call to renderToScreen will be bound to the view, because the $view_data and
// other parameters are the same and we are rendering using the same instance
// of the Renderer class.
$renderer->renderToScreen(
'./views/view-with-escapable-html-attrs.php',
$view_data,
$escape_encoding,
$data_vars_2_be_html_escaped,
$data_vars_2_be_html_attr_escaped,
$data_vars_2_be_css_escaped,
$data_vars_2_be_js_escaped
);
$rendered_view = $renderer->renderToString(
'./views/view-with-escapable-css.php',
$view_data,
$escape_encoding,
$data_vars_2_be_html_escaped,
$data_vars_2_be_html_attr_escaped,
$data_vars_2_be_css_escaped,
$data_vars_2_be_js_escaped
);
$renderer->renderToScreen(
'./views/view-with-escapable-js.php',
$view_data,
$escape_encoding,
$data_vars_2_be_html_escaped,
$data_vars_2_be_html_attr_escaped,
$data_vars_2_be_css_escaped,
$data_vars_2_be_js_escaped
);
// Two-step layout rendering with one Renderer for the page content and a
// second one for the layout.
$layout_data = [];
$layout_renderer = new \Rotexsoft\FileRenderer\Renderer();
$layout_page_content_renderer = new \Rotexsoft\FileRenderer\Renderer();
//Render the page content and store it in the data array to be passed to the layout.
// NOTE(review): 'page_content' holds markup returned by renderToString, and no
// escape lists are passed anywhere in this snippet, so the layout receives it
// as-is. Any untrusted value printed by sample-content-page.php therefore has to
// be escaped when that page is rendered - the layout step will not do it.
$layout_data['page_content'] =
$layout_page_content_renderer->renderToString('./sample-content-page.php');
//Render the layout
$layout_renderer->renderToScreen('./layout.php', $layout_data);
// Two-step layout rendering using a single Renderer for both the page content
// and the layout.
$layout_data = [];
$renderer = new \Rotexsoft\FileRenderer\Renderer();
//Render the page content and store it in the data array to be passed to the layout.
// The rendered string is markup; it is handed to layout.php as the
// 'page_content' entry of the data array.
$layout_data['page_content'] = $renderer->renderToString('./sample-content-page.php');
//Render the layout
$renderer->renderToScreen('./layout.php', $layout_data);
// Layout rendering where data given to the constructor is shared by all views
// and can be overridden per render call.
//
// Pass this data array to renderToScreen or renderToString when rendering
// layout.php. This is additional data that will only be available to layout.php.
$layout_data = [];
//The 'page_content' entry in the array below will be available to all
//views rendered using $renderer. Passing a data array with a 'page_content'
//entry to renderToString or renderToScreen will cause the initial value of
//the 'page_content' entry (in this case 'Default Page Content!') to be
//ignored when rendering (the value of the 'page_content' entry in the data
//array passed to renderToString or renderToScreen will be used instead).
$shared_data = ['page_content' => 'Default Page Content!'];
$renderer = new \Rotexsoft\FileRenderer\Renderer('', $shared_data);
//Render the page content and store it in the data array to be passed to the layout.
$layout_data['page_content'] = $renderer->renderToString('./sample-content-page.php');
//Render the layout
// This call will cause $layout_data['page_content'] to be used as $page_content
// in layout.php instead of the value of $shared_data['page_content'].
$renderer->renderToScreen('./layout.php', $layout_data);
// This call will cause $shared_data['page_content'] to be used as $page_content
// in layout.php because we are not passing any data array to renderToScreen, so
// it looks for data in the $shared_data passed to the constructor. Note that the
// values in $shared_data are stored in a protected property of $renderer
// (ie. $renderer->data, whose value is publicly accessible via
// $renderer->getData()).
$renderer->renderToScreen('./layout.php');
<p>This is a sample page to be injected into <strong>layout.php</strong>.</p>
<?= $layout_content_1;
<p>This is a sample page to be injected into <strong>layout_content.php</strong>.</p>
<?= $layout_content_2;
<p>This is a sample page to be injected into <strong>layout_content_1.php</strong>.</p>
// Nesting renderers: a Renderer is stored as a view-data entry of another
// Renderer, forming the chain layout.php -> layout_content.php ->
// layout_content_1.php -> layout_content_2.php.
$layout_renderer = new \Rotexsoft\FileRenderer\Renderer('./layout.php');
$page_renderer = new \Rotexsoft\FileRenderer\Renderer('./layout_content.php');
$page_renderer2 = new \Rotexsoft\FileRenderer\Renderer('./layout_content_1.php');
$page_renderer3 = new \Rotexsoft\FileRenderer\Renderer('./layout_content_2.php');
// Each assignment makes the inner renderer available to the outer view under
// the given variable name.
$layout_renderer->layout_content= $page_renderer;
$page_renderer->layout_content_1= $page_renderer2;
$page_renderer2->layout_content_2= $page_renderer3;
// echo converts $layout_renderer to a string; the sample output on this page
// contains the paragraphs of all three nested views.
// NOTE(review): the view fragments on this page print the nested renderers with
// plain `<?= $layout_content_1;` style tags, so nested output is inserted as
// markup with no escaping at that point. Untrusted data has to be escaped inside
// the view that prints it - confirm how escape lists apply to nested renderers.
echo $layout_renderer;
// The same four renderers as in the nesting example: one for the layout and
// one per nested content view. The statements that connect them are not shown
// in this fragment.
$layout_renderer = new \Rotexsoft\FileRenderer\Renderer('./layout.php');
$page_renderer = new \Rotexsoft\FileRenderer\Renderer('./layout_content.php');
$page_renderer2 = new \Rotexsoft\FileRenderer\Renderer('./layout_content_1.php');
$page_renderer3 = new \Rotexsoft\FileRenderer\Renderer('./layout_content_2.php');
<p>This is a sample page to be injected into <strong>layout_content_1.php</strong>.</p>
<!DOCTYPE html>
<html>
<head>
<title>Nesting Renderers Example</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div>
<p>This is a sample page to be injected into <strong>layout.php</strong>.</p>
<p>This is a sample page to be injected into <strong>layout_content.php</strong>.</p>
<p>This is a sample page to be injected into <strong>layout_content_1.php</strong>.</p>
</div>
</body>
</html>