Advice: trimming quote marks in template extending #12

Description

@nael94

I advise you to trim quotation marks (single and double) if they're passed in the custom template extending.

Here is an example:

[index.crow.php]
@mytestmethod('hello') // passing a string
@mytestmethod(hello)  // not a safe way to do this

[directives/Mytestmethod.php]
public function toPhpCode($parameters = null):string {
  $parameters = preg_replace('/^[\'"]|[\'"]$/', '', $parameters); // this must be a built-in value.
  // ... the rest of the directive, which returns its PHP code, is not shown here
}

This will help trim surrounding quotes when passing strings, so they can be worked with safely.
For other types like boolean, integer, float, array, object, ..., they're now being handled as strings. I think it should cast them as follows:

  • true|false = bool
  • 5 = int
  • 5.5 = float
  • null = null
  • [] = array
  • new stdClass = object
  • $callable() or function() = closure callable function as a parameter
  • strings are already typed as string. No need for more processing.

I also advise you to pass variables as parameters in the view, like this:

@section('body')
  <x-alert-box level="info">
    @mytestmethod($var) // here to pass variable, not a string "\$var"
  </x-alert-box>

  @mytestmethod('string!')
@endsection

Remember to fix declaring and working with variables using the @php method in the @section in the views.
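
A sketch of the quote trimming and type casting proposed in this issue, added here as an example and not code from the project or from the issue author; `castDirectiveParameter()` and its return shape are hypothetical. It strips quotes only when the opening and closing quote match, which the `^['"]|['"]$` pattern above does not check, and it leaves anything it cannot classify as a PHP expression.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of the project: classify one raw directive
// argument exactly as written between the parentheses in a template.
function castDirectiveParameter(string $raw): array
{
    $raw = trim($raw);

    // Strip quotes only when the same unescaped quote opens and closes the
    // token. A bare ^['"]|['"]$ pattern also strips 'abc" and 'a' . 'b'.
    if (preg_match('/^([\'"])((?:\\\\.|(?!\1).)*)\1$/s', $raw, $m) === 1) {
        return ['type' => 'string', 'value' => stripslashes($m[2])];
    }
    $lower = strtolower($raw);
    if ($lower === 'true' || $lower === 'false') {
        return ['type' => 'bool', 'value' => $lower === 'true'];
    }
    if ($lower === 'null') {
        return ['type' => 'null', 'value' => null];
    }
    if (preg_match('/^[+-]?\d+$/', $raw) === 1) {
        return ['type' => 'int', 'value' => (int) $raw];
    }
    if (is_numeric($raw)) {
        return ['type' => 'float', 'value' => (float) $raw];
    }
    if ($raw === '[]') {
        return ['type' => 'array', 'value' => []];
    }
    // $var, new stdClass, closures and bare words stay PHP expressions: the
    // directive should emit them as code, never wrap them as string literals.
    return ['type' => 'expression', 'value' => $raw];
}

// Constructed sample arguments, including malformed quoting.
$samples = ["'hello'", '"it\'s"', "'abc\"", "'a' . 'b'", 'true', '5', '5.5', 'null', '[]', '$var', 'hello'];
foreach ($samples as $sample) {
    $result = castDirectiveParameter($sample);
    printf("%-12s => %-10s %s\n", $sample, $result['type'], var_export($result['value'], true));
}
```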
