kenjis/codeigniter-ss-twig
Stars: 159
Forks: 42
Pull Requests: 21
Issues: 48
Watchers: 26
Last Updated: 2023-09-06 01:35:20
A Simple and Secure Twig integration for CodeIgniter 3.x and 4.x
License: MIT License
Languages: PHP, Twig
CodeIgniter Simple and Secure Twig
This package provides simple Twig integration for CodeIgniter 4.x.
If you use CodeIgniter3, check master branch.
Requirements
- PHP 7.4 or later
- CodeIgniter 4.2.11 or later
- Twig 3.4.3 or later
Installation
With Composer
$ cd /path/to/codeigniter/
$ composer require kenjis/codeigniter-ss-twig
Usage
Loading Twig Library
$this->twig = new \Kenjis\CI4Twig\Twig();You can override the default configuration:
$config = [
'paths' => ['/path/to/twig/templates', VIEWPATH],
'cache' => '/path/to/twig/cache',
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);Rendering Templates
Render Twig template and output to browser:
$this->twig->display('welcome', $data);The above code renders Views/welcome.twig.
Render Twig template:
$output = $this->twig->render('welcome', $data);The above code renders Views/welcome.twig.
Adding a Global Variable
$this->twig->addGlobal('sitename', 'My Awesome Site');Getting Twig\Environment Instance
$twig = $this->twig->getTwig();Supported CodeIgniter Helpers
base_url()site_url()anchor()form_open()form_close()form_error()form_hidden()set_value()csrf_field()validation_list_errors()
Some helpers are added the functionality of auto-escaping for security.
octicon-alert mr-2" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true">
validation_list_errors() shows Validation Errors by Services::validation()->listErrors(),
and if you use user input for Validation Error messages, attackers may do XSS.
In such a case, validate user input and escape it by yourself.
Adding Your Functions & Filters
You can add your functions and filters with configuration:
$config = [
'functions' => ['my_helper'],
'functions_safe' => ['my_safe_helper'],
'filters' => ['my_filter'],
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);If your function explicitly outputs HTML code, you want the raw output to be printed.
In such a case, use functions_safe, and you have to make sure the output of
the function is XSS free.
References
Documentation
Samples
- https://github.com/kenjis/ci4-tettei-apps (Japanese)
@TODO
How to Run Tests
$ cd codeigniter-ss-twig
$ composer install
$ vendor/bin/phpunit
Related Projects for CodeIgniter 4.x
Libraries
- CodeIgniter 3 to 4 Upgrade Helper
- CodeIgniter3-like Captcha
- PHPUnit Helper
- CodeIgniter4 Attribute Routes
- CodeIgniter Simple and Secure Twig
- CodeIgniter4 Viewi Demo
Tutorials
- CodeIgniter 4 News Tutorial
- CodeIgniter 4 Validation Tutorial
- CodeIgniter4 Code Modules Test
- CodeIgniter 4 File Upload