Follow us on Twitter X-Cart on Facebook Wiki
Shopping cart software Solutions for online shops and malls

Displaying smarty variables inside smarty variables

   X-Cart forums > Forum FAQs and guides
Thread Tools Search this Thread
Old 05-30-2006, 06:54 AM
  rubyaryat's Avatar 
rubyaryat rubyaryat is offline

Join Date: Feb 2003
Location: Canada
Posts: 289

Default Displaying smarty variables inside smarty variables

I recently revisited this problem and thought I'd share the solution.
Say you're setting up the help/conditions_customers.tpl page.
You want the smarty language variable:

to contain something like:


{$config.Company.location_city}, {$config.Company.location_state} {$config.Company.location_zipcode}

The trick is, in help/conditions_customers.tpl, instead of using the statement:


{eval var=$lng.txt_conditions_customer}

This will render the smarty variables within the smarty variable {$lng.txt_conditions_customer}.

Hope this helps someone,
__________________ - Your X-Cart services partner for over 9 years.
Modules offered: FedEx labels, Live currency rates, GeoIP, Order Audit, Multiple e-goods.
X-Cart Store Hosting, project management and affiliates program available.
4.2.3 gold [Unix]
Reply With Quote

The following user thanks rubyaryat for this useful post:
willieram (01-29-2010)
Old 05-30-2006, 07:23 AM
balinor balinor is offline

Join Date: Oct 2003
Location: Connecticut, USA
Posts: 30,253


Nice one...moving to FAQ
Padraic Ryan
Ryan Design Studio
Professional E-Commerce Development
Reply With Quote
Old 06-02-2006, 10:59 AM
  shan's Avatar 
shan shan is offline

Join Date: Sep 2002
Location: Birmingham, UK
Posts: 6,163


good find
Looking for a reliable X-cart host ?
You wont go wrong with either of these.

EWD Hosting
Hands On Hosting
Reply With Quote
Old 12-20-2006, 11:04 PM
  B00MER's Avatar 
B00MER B00MER is offline

Join Date: Sep 2002
Location: Keller, TX (
Posts: 3,165

Default Re: Displaying smarty variables inside smarty variables

There's a reason eval is one letter away from evIl

Most interpreted and semi-compiled programming languages provide a feature in which it is possible to have a variable that contains program code statements, and have that variable executed by the interpreter. Examples are VBScript's Eval function and Execute and ExecuteGlobal statements, and PHP's and Perl's eval function and /e regular expression modifiers. People have even used Java's Reflection mechanism to make Java interpreters that may execute dynamic Java statements inside Java programs, e.g. BeanShell [64].

Needless to say, if user input, whether directly or indirectly, is incorporated in strings handed to the evaluation mechanism, an attacker may "extend" the web application to do whatever he wants it to do by passing code statements as part of his input. We should never include user input in strings passed to the eval family of functions.

Just to note, eval can be an evil function if it is overused, be sure and use such sparingly. It can become a security exploit and even cause excessive cpu cycles on your server end.
Cart-Lab - 100+ Social Bookmarks for X-Cart.
Reply With Quote
   X-Cart forums > Forum FAQs and guides

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

All times are GMT -8. The time now is 05:50 PM.


X-Cart forums © 2001-2020