Can anyone tell me why calling "unserialize" works fine in an action but gives an offset error in a template?
It's basically possible to unserialize a database text result into a variable in an action and pass it to template, in which case it displays fine:
$this->clean = unserialize($this->raw);
<?php echo $clean ?>
But not if called directly in a template:
<?php echo unserialize($raw) ?>
Would be interested in knowing why this is so and whether there's some workaround.
Thanks.
Symfony puts all template variables into a sfOutputEscaperArrayDecorator
class. So when you write unserialize($var)
, you are actually trying to unserialize the sfOutputEscaperArrayDecorator class.
I recommend turning off output escaping in settings.yml:
escaping_strategy: false
It is a stupid, performance-slaughtering, unnecessary feature of Symfony that needs murdered.
Updated:
If you turn off escaping_strategy, you will need to manually escape input from the users (to prevent XSS) with htmlSpecialCharacters()
.
The Symfony class does that for you, but that means it also escapes every single number and character -- 99% of which you already know will be safe (IDs, dates, your own content). When I turned off the automatic escaping, my server load fell significantly.
Keep in mind that Symfony double-applies this automatic escaping if you pass a sfOutputEscaperArrayDecorator
to a partial, meaning >
will become &gt;