Skip to content

kenjis/codeigniter-ss-twig

Repository files navigation

CodeIgniter Simple and Secure Twig

Latest Stable Version Total Downloads Latest Unstable Version License

This package provides simple Twig integration for CodeIgniter 4.x.

If you use CodeIgniter 3, check master branch. But Upgrading to CodeIgniter 4 is strongly recommended.

Requirements

  • PHP 7.4 or later
  • CodeIgniter 4.2.11 or later
  • Twig 3.4.3 or later

Installation

With Composer

$ cd /path/to/codeigniter/
$ composer require kenjis/codeigniter-ss-twig

Usage

Loading Twig Library

$this->twig = new \Kenjis\CI4Twig\Twig();

You can override the default configuration:

$config = [
    'paths' => ['/path/to/twig/templates', VIEWPATH],
    'cache' => '/path/to/twig/cache',
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);

Rendering Templates

Render Twig template and output to browser:

$this->twig->display('welcome', $data);

The above code renders Views/welcome.twig.

Render Twig template:

$output = $this->twig->render('welcome', $data);

The above code renders Views/welcome.twig.

Adding a Global Variable

$this->twig->addGlobal('sitename', 'My Awesome Site');

Getting Twig\Environment Instance

$twig = $this->twig->getTwig();

Supported CodeIgniter Helpers

  • base_url()
  • site_url()
  • anchor()
  • form_open()
  • form_close()
  • form_error()
  • form_hidden()
  • set_value()
  • csrf_field()
  • validation_list_errors()

Some helpers are added the functionality of auto-escaping for security.

Warning validation_list_errors() shows Validation Errors by Services::validation()->listErrors(), and if you use user input for Validation Error messages, attackers may do XSS. In such a case, validate user input and escape it by yourself.

Adding Your Functions & Filters

You can add your functions and filters with configuration:

$config = [
    'functions'      => ['my_helper'],
    'functions_safe' => ['my_safe_helper'],
    'filters'        => ['my_filter'],
];
$this->twig = new \Kenjis\CI4Twig\Twig($config);

If your function explicitly outputs HTML code, you want the raw output to be printed. In such a case, use functions_safe, and you have to make sure the output of the function is XSS free.

References

Documentation

Samples

How to Run Tests

$ cd codeigniter-ss-twig
$ composer install
$ vendor/bin/phpunit

Related Projects for CodeIgniter 4.x

Libraries

Tutorials

Building Development Environment