Symfony / Doctrine:Unserialize in action vs template [英] Symfony/Doctrine: Unserialize in action vs template
问题描述
任何人都可以告诉我为什么调用unserialize在一个动作中正常工作,但在模板中给出了偏移量错误?
基本上可以取消对数据库文本结果进行排序在一个动作中变成一个变量,并将其传递给模板,在这种情况下它会显示正确的:
$ this-> clean =反序列化($这 - >生);
<?php echo $ clean?>
但是,如果直接在模板中调用,则不能:
<?php echo unserialize($ raw)?>有兴趣了解为什么会这样,以及是否有一些解决方法。
$ b
<
$ b
谢谢。
Symfony将所有模板变量放入 sfOutputEscaperArrayDecorator
类。所以当你写 unserialize($ var)
时,你实际上是试图取消串行化sfOutputEscaperArrayDecorator类。
我推荐在settings.yml中关闭输出转义:
escaping_strategy:false
这是一个愚蠢的,表演屠杀的Symfony的不必要的功能,需要被谋杀。
更新:
如果您关闭escaping_strategy,则需要手动将用户的输入(以防止XSS)从 htmlSpecialCharacters ()
。
Symfony类为您做,但这意味着它也可以转义每个单个数字和字符 - 其中99%你已经知道会安全(ID,日期,你自己的内容)。当我关闭自动转义时,我的服务器负载明显下降。
请记住,Symfony 双重应用这个自动转义如果你通过一个 sfOutputEscaperArrayDecorator
到一个部分,意思是>
将成为& amp; amp; amp; / code>
Can anyone tell me why calling "unserialize" works fine in an action but gives an offset error in a template?
It's basically possible to unserialize a database text result into a variable in an action and pass it to template, in which case it displays fine:
$this->clean = unserialize($this->raw);
<?php echo $clean ?>
But not if called directly in a template:
<?php echo unserialize($raw) ?>
Would be interested in knowing why this is so and whether there's some workaround.
Thanks.
Symfony puts all template variables into a sfOutputEscaperArrayDecorator
class. So when you write unserialize($var)
, you are actually trying to unserialize the sfOutputEscaperArrayDecorator class.
I recommend turning off output escaping in settings.yml:
escaping_strategy: false
It is a stupid, performance-slaughtering, unnecessary feature of Symfony that needs murdered.
Updated:
If you turn off escaping_strategy, you will need to manually escape input from the users (to prevent XSS) with htmlSpecialCharacters()
.
The Symfony class does that for you, but that means it also escapes every single number and character -- 99% of which you already know will be safe (IDs, dates, your own content). When I turned off the automatic escaping, my server load fell significantly.
Keep in mind that Symfony double-applies this automatic escaping if you pass a sfOutputEscaperArrayDecorator
to a partial, meaning >
will become &gt;
这篇关于Symfony / Doctrine:Unserialize in action vs template的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!