benanamen Posted August 8, 2016 Share Posted August 8, 2016 (edited) Security is the biggest problem when misusing PHP as a template engine. A “PHP template” is technically a full-blown application which may do absolutely anything: issue shell commands, write files, communicate with other hosts. Why on earth should a template have this power? Its sole purpose is to generate HTML, so it shouldn't do anything other than that. After reading many comments from @Jaques1 on using Twig and especially the quoted post by him I decided to learn Twig which is actually very easy to use. My question is, since anyone can view the template/twig source, is there any security issues with that? Also, what is the proper file extension for a twig template? I have seen .twig, .htm, .html. .phtml, .tpl and more. Edited August 8, 2016 by benanamen Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.