$src_name vs. $src_filename (Auto-Detection part 2)
2005.10.14 23:15
Hot on the heels of the previous post about source file auto-detection using $src_name I discovered that I was wrong. SCRIPT_NAME does not necessarily reflect rewritten URLs, but SCRIPT_FILENAME does. In fact, under certain circumstances it's the only hook. Therefore $src_filename behaviour has been added to supercede $src_name if it is specified (it's an empty string by default). This variable was already in the source, but was simply vestigial remains from a prior version.
The only downside to using this variable is a slight decrease in security from Templation potentially pulling the contents of files outside the DOCUMENT_ROOT, although it still should be fairly secure since Apache has to somehow map to the file.
There also may be some hierarchy bugs associated with source files outside the document root. I'll be looking into this next week along with some final updates for beta 3.
