Disabled sandbox for templates by default

You can still enable the sandbox by setting sandbox=true within the include tag. In fact you shouldn't do it anyway unless you have a real good reason ;)

diff --git a/wcfsetup/install/files/lib/system/template/TemplateScriptingCompiler.class.php b/wcfsetup/install/files/lib/system/template/TemplateScriptingCompiler.class.php
index 0b7362810fdc38a1c81bed546d0f715fb6bc3c02..f781b158652dd027cf7f66dc32f36a8a2455f735 100644 (file)
--- a/wcfsetup/install/files/lib/system/template/TemplateScriptingCompiler.class.php
+++ b/wcfsetup/install/files/lib/system/template/TemplateScriptingCompiler.class.php
@@ -742,7 +742,7 @@ class TemplateScriptingCompiler {
                        unset($args['append']);
                }
                
-               $sandbox = true;
+               $sandbox = false;
                if (isset($args['sandbox'])) {
                        $sandbox = $args['sandbox'];
                        unset($args['sandbox']);
@@ -810,7 +810,7 @@ class TemplateScriptingCompiler {
                        $phpCode .= "ob_start();\n";
                }
                
-               $phpCode .= '$this->includeTemplate('.$file.', array('.$argString.'), ('.$sandbox.' ? 1 : 0), $this->v[\'__PACKAGE_ID\']);'."\n";
+               $phpCode .= '$this->includeTemplate('.$file.', array('.$argString.'), '.($sandbox ? 1 : 0).', $this->v[\'__PACKAGE_ID\']);'."\n";
                
                if ($assignVar !== false) {
                        $phpCode .= '$this->'.($append ? 'append' : 'assign').'('.$assignVar.', ob_get_clean());'."\n";