Breaking Changes in v1.10.00: Difference between revisions
Miqrogroove (talk | contribs) (Templates) |
Miqrogroove (talk | contribs) |
||
| Line 70: | Line 70: | ||
=== Deleted Functions === | === Deleted Functions === | ||
The <code>loadtemplates()</code> and <code>template()</code> functions do not exist in v1.10.00. They have been replaced by the shared | The <code>loadtemplates()</code> and <code>template()</code> functions do not exist in v1.10.00. They have been replaced by the shared <code>template</code> service. To render a simple template, the code now looks like this: | ||
<pre> | <pre> | ||
| Line 78: | Line 78: | ||
</pre> | </pre> | ||
=== Registered Global Variables | === Registered Global Variables === | ||
This will be the first version of XMB where it is impossible to pass a variable directly from user input to template output. | This will be the first version of XMB where it is impossible to pass a variable directly from user input to template output. | ||
| Line 94: | Line 94: | ||
You might notice there isn't any defined property named <code>fid</code> in the underlying code. This is called a dynamic property and it was chosen as one of the cleanest styles available for coding. | You might notice there isn't any defined property named <code>fid</code> in the underlying code. This is called a dynamic property and it was chosen as one of the cleanest styles available for coding. | ||
Of course, most pages need many variables, so you | Of course, most pages need many variables, so you might want to import the XMB function names or the entire namespace. | ||
<pre> | <pre> | ||
| Line 104: | Line 104: | ||
$template->pid = getInt('pid'); | $template->pid = getInt('pid'); | ||
</pre> | </pre> | ||
=== Registered Shared Variables === | |||
To provide backward compatibility with old templates, the shared <code>template</code> service automatically registers four variables for you: | |||
* <code>$full_url</code> | |||
* <code>$lang</code> | |||
* <code>$SETTINGS</code> | |||
* <code>$THEME</code> | |||
There is one caveat: This works for old variables, not the obsolete ones. Due to the removal of all global variables, any array elements of the settings and theme systems are no longer registered as individually. In other words, the obsolete <code>$bbname</code> must be expressed as <code>$SETTINGS['bbname']</code> and the obsolete <code>$bordercolor</code> must be expressed as <code>$THEME['bordercolor']</code>. | |||
=== Full PHP Syntax === | |||
This is the biggest change to the templates themselves. Don't worry, there is a conversion script available for anyone who needs to convert old custom templates. | |||
Templates are now processed as full PHP. In older versions, templates were stored in the website itself and processed as string literals to prevent remote code execution. | |||
The preferred style for variable replacement is to use short tags. So instead of <code>$full_url</code> you would write <code><?= $full url ?></code>. | |||
Revision as of 11:55, 2 January 2025
Customizing and migrating to v1.10.00 will require some new changes.
Queries
There are two main changes that affect all database queries in XMB.
Global $db Service Locator
Instead of providing a global variable named $db, XMB now offers two services named db and sql.
For a direct replacement of the global shared object reference, just add this near the top of your file:
$db = \XMB\Services\db();
If you need to create a 2nd database connection (to a different account or server) within your script, then use the revised class name instead:
$db2 = new \XMB\MySQLiDatabase(debug: false, logErrors: true); $db2->connect(...);
Internally, XMB is starting to use methods of the shared sql service instead of direct or prepared statements. This results in cleaner and more secure code. For example, to get the shared service and check your inbox:
$sql = \XMB\Services\sql(); $vars = \XMB\Services\vars(); $msgCount = $sql->countU2UInbox($vars->self['username']);
If you wish to write similar query methods, the best practice is to create your own object class rather than try to modify the XMB service.
The X_PREFIX Constant
Instead of providing a global constant named X_PREFIX, XMB now stores the $tablepre variable from config.php as a property of the shared vars service. The direct replacement looks like this:
$vars = \XMB\Services\vars(); $statement = 'SELECT * FROM' . $vars->tablepre . 'ranks';
Example
Here is an actual query from the old cp2.php file:
require 'header.php';
$query = $db->query("SELECT * FROM ".X_PREFIX."restricted ORDER BY id");
Here is how it changed in the new restrictions.php file during development of v1.10.00:
require ROOT . 'header.php';
$db = \XMB\Services\db();
$vars = \XMB\Services\vars();
$query = $db->query("SELECT * FROM " . $vars->tablepre . "restricted ORDER BY id");
Templates
The template system has moved to the templates subdirectory of the website and is no longer stored in the database.
Deleted Functions
The loadtemplates() and template() functions do not exist in v1.10.00. They have been replaced by the shared template service. To render a simple template, the code now looks like this:
$template = \XMB\Services\template();
$output = $template->process('file_name.php');
Registered Global Variables
This will be the first version of XMB where it is impossible to pass a variable directly from user input to template output.
In older versions, it was possible and sometimes adequate to sanitize a global variable such as $fid = (int) $fid; and use it in the template without further consideration.
Starting with v1.10.00 it is required to manually register each variable with the shared template service or a separate instance (discussed later). Here is how we might handle the old $fid input:
$template = \XMB\Services\template();
$template->fid = \XMB\getInt('fid');
You might notice there isn't any defined property named fid in the underlying code. This is called a dynamic property and it was chosen as one of the cleanest styles available for coding.
Of course, most pages need many variables, so you might want to import the XMB function names or the entire namespace.
namespace XMB;
$template = Services\template();
$template->fid = getInt('fid');
$template->pid = getInt('pid');
To provide backward compatibility with old templates, the shared template service automatically registers four variables for you:
$full_url$lang$SETTINGS$THEME
There is one caveat: This works for old variables, not the obsolete ones. Due to the removal of all global variables, any array elements of the settings and theme systems are no longer registered as individually. In other words, the obsolete $bbname must be expressed as $SETTINGS['bbname'] and the obsolete $bordercolor must be expressed as $THEME['bordercolor'].
Full PHP Syntax
This is the biggest change to the templates themselves. Don't worry, there is a conversion script available for anyone who needs to convert old custom templates.
Templates are now processed as full PHP. In older versions, templates were stored in the website itself and processed as string literals to prevent remote code execution.
The preferred style for variable replacement is to use short tags. So instead of $full_url you would write <?= $full url ?>.
