Stars: 159
Forks: 42
Pull Requests: 21
Issues: 48
Watchers: 26
Last Updated: 2023-09-06 01:35:20
A Simple and Secure Twig integration for CodeIgniter 3.x and 4.x
License: MIT License
Languages: PHP, Twig
This package provides simple Twig integration for CodeIgniter 4.x.
If you use CodeIgniter 3, check the master branch.
$ cd /path/to/codeigniter/
$ composer require kenjis/codeigniter-ss-twig
$this->twig = new \Kenjis\CI4Twig\Twig();
You can override the default configuration:
$config = [
'paths' => ['/path/to/twig/templates', VIEWPATH],
'cache' => '/path/to/twig/cache',
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);
Render Twig template and output to browser:
$this->twig->display('welcome', $data);
The above code renders Views/welcome.twig.
Render Twig template:
$output = $this->twig->render('welcome', $data);
The above code renders Views/welcome.twig.
$this->twig->addGlobal('sitename', 'My Awesome Site');
$twig = $this->twig->getTwig();
base_url()
site_url()
anchor()
form_open()
form_close()
form_error()
form_hidden()
set_value()
csrf_field()
validation_list_errors()
Some of these helpers have auto-escaping added for security.
validation_list_errors() shows Validation Errors by Services::validation()->listErrors(), and if you use user input for Validation Error messages, attackers may be able to perform XSS.
In such a case, validate the user input and escape it yourself.
You can add your functions and filters with configuration:
$config = [
'functions' => ['my_helper'],
'functions_safe' => ['my_safe_helper'],
'filters' => ['my_filter'],
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);
If your function explicitly outputs HTML code, you want the raw output to be printed.
In such a case, use functions_safe, and make sure the output of the function is XSS-free.
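The split between functions and functions_safe described above, as an added example (not code from this package): the helper bodies, the URL scheme allow-list and the sample input are assumptions made for illustration, and Twig's auto-escaping of my_helper() is simulated with htmlspecialchars() so the script runs on its own.

```php
<?php
// Added example: helper bodies and sample input are constructed for illustration.

// Registered under 'functions': Twig auto-escapes whatever it returns,
// so it can return plain text built from user input as-is.
function my_helper(string $name): string
{
    return 'Hello, ' . $name;
}

// Registered under 'functions_safe': Twig prints the return value raw,
// so every dynamic part must be escaped here, inside the helper.
function my_safe_helper(string $url, string $label): string
{
    // Allow only absolute http(s) links; escaping alone does not
    // neutralise a javascript: URL placed in an href attribute.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (! in_array($scheme, ['http', 'https'], true)) {
        $url = '#';
    }
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;

    return '<a href="' . htmlspecialchars($url, $flags, 'UTF-8') . '">'
        . htmlspecialchars($label, $flags, 'UTF-8') . '</a>';
}

// Configuration keys as documented on this page.
$config = [
    'functions'      => ['my_helper'],
    'functions_safe' => ['my_safe_helper'],
];
// In a controller: $this->twig = new \Kenjis\CI4Twig\Twig($config);

// Constructed hostile input, as it might arrive from a form field.
$label = '<script>alert(1)</script>';
$url   = 'javascript:alert(1)';

// What the raw-output helper hands to the template: the anchor markup
// stays intact while the user-supplied parts are rendered inert.
echo my_safe_helper($url, $label), PHP_EOL;

// Stand-in for Twig's auto-escaping of a helper listed under 'functions'.
echo htmlspecialchars(my_helper($label), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), PHP_EOL;
```

If my_safe_helper() returned its arguments unescaped, listing it under functions_safe would pass the script tag straight into the page, which is why the escaping belongs inside the helper rather than in the template.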
@TODO
$ cd codeigniter-ss-twig
$ composer install
$ vendor/bin/phpunit