Yii Framework Forum: $this->layout()->output() instead of $content - Yii Framework Forum

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

$this->layout()->output() instead of $content Rate Topic: -----

#1 User is offline   rabol 

  • Junior Member
  • Pip
  • Yii
  • Group: Members
  • Posts: 50
  • Joined: 08-October 08

Posted 11 October 2008 - 06:32 AM

Please consider not using hardcoded vars e.g $content.

A much cleaner solution would be something like $this->layout()->output();

Using as hardcoded var name could be a security issue e.g

Let's say that someone have register_global_vars on, then $content could be set through the URL

IMHO, hardcoded vars and global vars is 'bad' practice - I know that it improves performance but it can compromise security

0

#2 User is offline   qiang 

  • Yii Project Lead
  • Yii
  • Group: Yii Dev Team
  • Posts: 5,875
  • Joined: 04-October 08
  • Location:DC, USA

Posted 11 October 2008 - 06:54 AM

These are just local variables which won't conflict with global variables, even if you turn on register_global_vars. Also, $content is the only local variable used in layout only. So it won't conflict with your own variables, either.
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users