Symfony/Doctrine: Unserialize in action vs template(Symfony/Doctrine:反序列化在行动与模板)
问题描述
谁能告诉我为什么调用反序列化"在操作中可以正常工作,但在模板中会出现偏移错误?
Can anyone tell me why calling "unserialize" works fine in an action but gives an offset error in a template?
基本上可以将数据库文本结果反序列化为操作中的变量并将其传递给模板,在这种情况下它可以正常显示:
It's basically possible to unserialize a database text result into a variable in an action and pass it to template, in which case it displays fine:
$this->clean = unserialize($this->raw);
<?php echo $clean ?>
但如果直接在模板中调用则不会:
But not if called directly in a template:
<?php echo unserialize($raw) ?>
想知道为什么会这样以及是否有一些解决方法.
Would be interested in knowing why this is so and whether there's some workaround.
谢谢.
推荐答案
Symfony 将所有模板变量放入一个 sfOutputEscaperArrayDecorator
类.所以当你编写 unserialize($var)
时,实际上是在尝试对 sfOutputEscaperArrayDecorator 类进行反序列化.
Symfony puts all template variables into a sfOutputEscaperArrayDecorator
class. So when you write unserialize($var)
, you are actually trying to unserialize the sfOutputEscaperArrayDecorator class.
我建议在 settings.yml 中关闭输出转义:
I recommend turning off output escaping in settings.yml:
escaping_strategy: false
这是 Symfony 中一个愚蠢的、破坏性能的、不必要的功能,需要被扼杀.
It is a stupid, performance-slaughtering, unnecessary feature of Symfony that needs murdered.
更新:
如果您关闭 escaping_strategy,您将需要使用 htmlSpecialCharacters()
手动转义用户的输入(以防止 XSS).
If you turn off escaping_strategy, you will need to manually escape input from the users (to prevent XSS) with htmlSpecialCharacters()
.
Symfony 类会为您做到这一点,但这意味着它还会转义每一个数字和字符——您已经知道其中 99% 是安全的(ID、日期、您自己的内容).当我关闭自动转义时,我的服务器负载明显下降.
The Symfony class does that for you, but that means it also escapes every single number and character -- 99% of which you already know will be safe (IDs, dates, your own content). When I turned off the automatic escaping, my server load fell significantly.
请记住,如果您将 sfOutputEscaperArrayDecorator
传递给部分,Symfony 双重应用这种自动转义,这意味着 >
将变为 <代码>&gt;代码>
Keep in mind that Symfony double-applies this automatic escaping if you pass a sfOutputEscaperArrayDecorator
to a partial, meaning >
will become &gt;
这篇关于Symfony/Doctrine:反序列化在行动与模板的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!
本文标题为:Symfony/Doctrine:反序列化在行动与模板
- 带有通配符的 Laravel 验证器 2021-01-01
- Mod使用GET变量将子域重写为PHP 2021-01-01
- PHP Count 布尔数组中真值的数量 2021-01-01
- SoapClient 设置自定义 HTTP Header 2021-01-01
- 没有作曲家的 PSR4 自动加载 2022-01-01
- 从 PHP 中的输入表单获取日期 2022-01-01
- Laravel 仓库 2022-01-01
- 如何定位 php.ini 文件 (xampp) 2022-01-01
- Oracle 即时客户端 DYLD_LIBRARY_PATH 错误 2022-01-01
- 正确分离 PHP 中的逻辑/样式 2021-01-01