Please sign in to comment.
Disable Compiler fallback by default.
I inadvertently removed my `app/resources/tmp/cache/templates` folder and PHP was unable to write the compiled templates in it. Instead of throwing an exception/error, the Compiler returned the unparsed file without telling anyone what was happening (no error, no logs). With `$foo; ?>` appearing on the page I quickly saw that there was a problem but if I had `short_tags` turned on, the unescaped variable would have been printed (hello XSS!) and I would never have noticed it. This behavior is dangerous but needed for the diagnostic page to show properly on a default misconfigured installation of lithium. Short tags are purposedly avoided on its template so allowing it to use the compiler fallback is not a security/usability threat.
- Loading branch information...
Showing with 5 additions and 5 deletions.