» Details |
---|
|
» Comment |
Overall pretty good. Just some conditions based on some of my previous comments: - "$instruction = $template->createProcessingInstruction('php', "echo \$this->form['{$field_name}']['html']?");" should be made hack-proof by escaping single quotes ' in $field_name to prevent PHP code injection. - Spinning the templateConvert() method into a factorized template converter class doesn't take long to do and should already stabilize the API (even though still alpha) Not strictly essential, but will allow other contributors to write other template converter more easily. |