kenjis / codeigniter-ss-twig
A Simple and Secure Twig integration for CodeIgniter
Requires
- php: >=7.4.0
- twig/twig: ^3.4.3
Requires (Dev)
- codeigniter4/devkit: ^1.1
- codeigniter4/framework: ^4.2.11
- phpunit/phpunit: ^9.5
README
This package provides simple Twig integration for CodeIgniter 4.x.
If you use CodeIgniter 3, check the master branch, but upgrading to CodeIgniter 4 is strongly recommended.
Requirements
- PHP 7.4 or later
- CodeIgniter 4.2.11 or later
- Twig 3.4.3 or later
Installation
With Composer
$ cd /path/to/codeigniter/
$ composer require kenjis/codeigniter-ss-twig
Usage
Loading Twig Library
$this->twig = new \Kenjis\CI4Twig\Twig();
You can override the default configuration:
$config = [
    'paths' => ['/path/to/twig/templates', VIEWPATH],
    'cache' => '/path/to/twig/cache',
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);
Rendering Templates
Render a Twig template and output it to the browser:
$this->twig->display('welcome', $data);
The above code renders Views/welcome.twig.
Render a Twig template and return the output:
$output = $this->twig->render('welcome', $data);
The above code renders Views/welcome.twig.
Adding a Global Variable
$this->twig->addGlobal('sitename', 'My Awesome Site');
Getting Twig\Environment Instance
$twig = $this->twig->getTwig();
Supported CodeIgniter Helpers
- base_url()
- site_url()
- anchor()
- form_open()
- form_close()
- form_error()
- form_hidden()
- set_value()
- csrf_field()
- validation_list_errors()
Some helpers have auto-escaping added for security.
Warning
validation_list_errors() shows validation errors via Services::validation()->listErrors(). If you use user input in validation error messages, attackers may be able to perform XSS. In that case, validate the user input and escape it yourself.
Adding Your Functions & Filters
You can add your functions and filters with configuration:
$config = [
    'functions'      => ['my_helper'],
    'functions_safe' => ['my_safe_helper'],
    'filters'        => ['my_filter'],
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);
If your function explicitly outputs HTML code, you want the raw output to be printed. In such a case, use functions_safe, and you have to make sure the output of the function is XSS free.
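What "XSS free" demands of a function listed in functions_safe, shown as an added example that is not part of this package: the helper names my_unsafe_badge and my_safe_badge and the sample values are hypothetical. It runs as plain PHP and assumes only that the function's output is printed without further escaping, as described above.

```php
<?php
// Added example: hypothetical helpers, not code from codeigniter-ss-twig.

/** Not suitable for 'functions_safe': caller data reaches the markup unescaped. */
function my_unsafe_badge(string $name, string $url): string
{
    return '<a class="badge" href="' . $url . '">' . $name . '</a>';
}

/** Suitable for 'functions_safe': every dynamic part is validated or escaped. */
function my_safe_badge(string $name, string $url): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5;

    // HTML escaping does not neutralise javascript: or data: URLs,
    // so allow-list the scheme. Relative and malformed URLs fall back to '#'.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (! in_array($scheme, ['http', 'https'], true)) {
        $url = '#';
    }

    return '<a class="badge" href="' . htmlspecialchars($url, $flags, 'UTF-8') . '">'
        . htmlspecialchars($name, $flags, 'UTF-8') . '</a>';
}

// Constructed sample input standing in for user-controlled data.
$name = '<img src=x onerror=alert(1)>';
$url  = 'javascript:alert(1)';

// The unsafe helper passes both values through as live markup.
echo my_unsafe_badge($name, $url), PHP_EOL;

// The safe helper replaces the rejected URL with '#' and escapes the name.
echo my_safe_badge($name, $url), PHP_EOL;

// Legitimate values survive, with & encoded in both attribute and text.
echo my_safe_badge('Alice & Bob', 'https://example.com/u?id=1&tab=2'), PHP_EOL;

// Registration, using the configuration key shown above:
// $config = ['functions_safe' => ['my_safe_badge']];
```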
References
Documentation
Samples
How to Run Tests
$ cd codeigniter-ss-twig
$ composer install
$ vendor/bin/phpunit
Related Projects for CodeIgniter 4.x
Libraries
- CodeIgniter 3 to 4 Upgrade Helper
- CodeIgniter3-like Captcha
- PHPUnit Helper
- CodeIgniter4 Attribute Routes
- CodeIgniter Simple and Secure Twig
- CodeIgniter4 Viewi Demo
Tutorials
- CodeIgniter 4 News Tutorial
- CodeIgniter 4 Validation Tutorial
- CodeIgniter4 Code Modules Test
- CodeIgniter 4 File Upload
- CodeIgniter 4 QueryBuilder Batch Sample