XTemplate 2.0

Brand new minimalistic implementation

Trustmaster	#14054 2009-07-11 19:47
Administrators Thanked: 265 kez	When we played with XTemplate, we discovered that its code is quite messy and inefficient. We thought of probably rewriting it but at a very low priority. But a bit of spare time and an important security flaw I found in previous XTemplate implementation (PHP injection in logical statements) encouraged me to write a brand new implementation of XTemplate from scratch. It is almost backwards compatible with original XTemplate, but it only implements those features that we use in Cotonti. This principle is called minimalistic. Here is what it supports: Blocks and original XTemplate flow control Variable substitutions (aka tags) Logical blocks (if/else/endif) Inclusion of other templates within templates with FILE Here is what it does not support: Callbacks Customizable syntax Another principle is strict. It means that: Statements are case sensitive. It will understand BEGIN but not begin: <!-- BEGIN: TEST --> <div>This is a valid block!</div> <!-- END: TEST --> <!-- begin: test --> <div>This block is invalid!</div> <!-- end: test --> Spaces matter, especially in logical statements. There must be spaces in statements at correct positions, e.g. <!-- IF {PHP.something} > 0 --> <div>This is a valid block!</div> <!-- ENDIF --> <!--IF{PHP.something}>0--> <div>This block is invalid!</div> <!--ENDIF--> Logical expressions are limited functionality. Supported logical operators are: AND, OR (AND has higher priority). Parenthesis is not supported. Supported comparison operators are: ==, !=, <, >, <=, >=, !. First operand of comparison must be a template variable e.g. {PHP.my.test}. Second operand may be a template variable, a number or a quoted string. Example: <!-- IF {USER_DETAILS_NAME} = 'Mark' AND {PHP.g} >= 6 OR !{PHP.error_string} --> <div>The expression is true!</div> <!-- ELSE --> <div>The expression is false!</div> <!--END:TEST--> Nested logical blocks are not supported, e.g. <!-- IF {PHP.foo} = 'test' --> <!-- IF {PHP.bar} --> <div>This block is invalid!</div> <!-- ENDIF --> <!-- ENDIF --> Template blocks inside of logical blocks are not supported, e.g. <!-- IF {PHP.foo} = 'test' --> <!-- BEGIN: BAR --> <div>This block is invalid!</div> <!-- END: BAR --> <!-- ENDIF --> The third principle is fast. XTemplate 2.0 is much faster than original XTemplate 1.0, literally 2 times faster. Benchmarks demonstrate 5-35% RPS (requests per second) increase for entire pages after upgrade. The fourth principle is lightweight. The code is 4 times smaller. What's new in XTemplate 2.1: Block names are no more space sensitive, so it's compatible with XTemplate 1.0 Support for {FILE "path/to/template.tpl"} Disk cache for better performance May the Source be with you!
Bu gönderi Trustmaster tarafından düzenlendi (2009-08-02 15:18, 15 yıllar önce)

Trustmaster

#14054 2009-07-11 19:47

When we played with XTemplate, we discovered that its code is quite messy and inefficient. We thought of probably rewriting it but at a very low priority. But a bit of spare time and an important security flaw I found in previous XTemplate implementation (PHP injection in logical statements) encouraged me to write a brand new implementation of XTemplate from scratch.

It is almost backwards compatible with original XTemplate, but it only implements those features that we use in Cotonti. This principle is called minimalistic. Here is what it supports:

Blocks and original XTemplate flow control
Variable substitutions (aka tags)
Logical blocks (if/else/endif)
Inclusion of other templates within templates with FILE

Here is what it does not support:

Callbacks
Customizable syntax

Another principle is strict. It means that:

Statements are case sensitive. It will understand BEGIN but not begin:

<!-- BEGIN: TEST -->
    <div>This is a valid block!</div>
<!-- END: TEST -->

<!-- begin: test -->
    <div>This block is invalid!</div>
<!-- end: test -->

Spaces matter, especially in logical statements. There must be spaces in statements at correct positions, e.g.

<!-- IF {PHP.something} > 0 -->
    <div>This is a valid block!</div>
<!-- ENDIF -->

<!--IF{PHP.something}>0-->
    <div>This block is invalid!</div>
<!--ENDIF-->

Logical expressions are limited functionality. Supported logical operators are: AND, OR (AND has higher priority). Parenthesis is not supported. Supported comparison operators are: ==, !=, <, >, <=, >=, !. First operand of comparison must be a template variable e.g. {PHP.my.test}. Second operand may be a template variable, a number or a quoted string. Example:
```

    <div>The expression is true!</div>

    <div>The expression is false!</div>

```

Nested logical blocks are not supported, e.g.

<!-- IF {PHP.foo} = 'test' -->
    <!-- IF {PHP.bar} -->
        <div>This block is invalid!</div>
    <!-- ENDIF -->
<!-- ENDIF -->

Template blocks inside of logical blocks are not supported, e.g.

<!-- IF {PHP.foo} = 'test' -->
    <!-- BEGIN: BAR -->
        <div>This block is invalid!</div>
    <!-- END: BAR -->
<!-- ENDIF -->

The third principle is fast. XTemplate 2.0 is much faster than original XTemplate 1.0, literally 2 times faster. Benchmarks demonstrate 5-35% RPS (requests per second) increase for entire pages after upgrade.

The fourth principle is lightweight. The code is 4 times smaller.

What's new in XTemplate 2.1:

Block names are no more space sensitive, so it's compatible with XTemplate 1.0
Support for {FILE "path/to/template.tpl"}
Disk cache for better performance

May the Source be with you!

Bu gönderi Trustmaster tarafından düzenlendi (2009-08-02 15:18, 15 yıllar önce)