Jump to content

TemplateEditor


Nico Knoll
 Share

Recommended Posts

Hi,

I wrote a new module this evening:

Template Editor

This module adds the possibility to edit and rename template files directly from the backend.


Requirement:

It's important to have this module installed and PW 2.2 running.

Download: http://modules.proce...emplate-editor/

Edited by Nico Knoll
Added the "module" tag and removed it from title.
  • Like 7
Link to comment
Share on other sites

Looks great Nico. Just a couple small suggestions:

1. Rather than using $_POST, it's better to use $this->input->post or wire('input')->post, because it's always possible that $_POST could be affected by the server's magic_quotes setting.

2. When loading or writing to a file, add some extra validation so that someone can't hack through it and start viewing and modifying other files on the server. Example of one way you could do it:

$name = $this->config->paths->templates . $this->sanitizer->name(basename($this->input->get->file)); 
if(!is_file($name)) throw new WireException("Template file not found"); 

3. Your execute() method returns a form witha 'delete' action, but I can't see any implementation of that?

Link to comment
Share on other sites

Great module!

I have one itsy-bitsy problem with it which is to do with the way I have been constructing templates.

My "templates.php" files are all in the template directory (obviously) but their inner workings are in a directory called "includes" and I can't get to them.

Would there be anyway of being able to access subfolders?

Joss

  • Like 1
Link to comment
Share on other sites

  • 4 months later...

Hey Nico,

I was just testing this out and get several PHP warnings and the template files show up blank.

Warning: fread() expects parameter 1 to be resource, boolean given in /xxx/site/modules/TemplateEditor/TemplateEditor.module on line 77
 
Warning: fclose() expects parameter 1 to be resource, boolean given in /xxx/site/modules/TemplateEditor/TemplateEditor.module on line 78
 
Notice: Trying to get property of non-object in /xxx/site/modules/InputfieldAceEditor/InputfieldAceEditor.module on line 126
 
Let me know if I can provide any other debug info.
Link to comment
Share on other sites

  • 8 months later...
  • 1 month later...

I just tested this module again myself. The issue is most likely with file permissions. Not that you should necessarily leave it this way permanently, but try chmod'ing everything in your templates folder to 0777. If they are still blank, then you might have fopen disabled somewhere in your php config. Let us know how you go with these two options.  

Link to comment
Share on other sites

It really depends on the owner of those files and also the user that PHP is running as. Chances are you don't need to set them to 777. You should be able to set them to the same setting as the site/assets/ and site/config.php when you installed PW and also the modules directory, if you installed ModulesManager. Basically you need to set it to the lowest level that allows it to work, which would be write access for the owner (assuming the owner matches the php user. Does that make sense?

If you are worried about security, you could ask your host about running PHP under SuExec and CGI.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...