Anyone using stream variables?

[wisskid]

Smarty supports stream variables, as documented here. With security enabled with its default configuration, this will allow you to read from the filesystem. Without security enabled, you can access any PHP stream. On my system, the list is:

    [0] => https
    [1] => ftps
    [2] => compress.zlib
    [3] => php
    [4] => file
    [5] => glob
    [6] => data
    [7] => http
    [8] => ftp
    [9] => phar
    [10] => zip

IMHO, no one should be reading from PHP streams from within a template. I propose to remove this feature from Smarty entirely in a future version.

Note that this is not the same as using streams for loading templates, as documented here.

[marclaporte]

For the record, the Tiki project uses Smarty since 2002 (https://doc.tiki.org/Smarty-Templates) but doesn't use this feature.

[wisskid]

Not a lot of votes on this one, but unanimous. I plan to deprecate this in v5.1: #933