[(#ENV{variable, default_value})] (since SPIP 1.8, 1.8.1)
#ENV{variable} is used to retrieve environment variables for a template, also known as its context [1].
A template can be passed this variable from the URL (the HTTP request) or from a file that it includes, or from the results of a form.
Example of a variable passed in the URL: spip.php?rubrique24&id_mot=5
Within rubrique.html, #ENV{id_mot} equals 5.
Example of a variable passed in an INCLURE:<INCLURE{fond=my_template} {id_article=136}>
Within my_template.html, #ENV{id_article} equals 136.
Default values
[(#ENV{variable, default_value})]: the optional parameter default_value contains the value that will be returned if the variable does not exist in the current context (equivalent to [(#ENV{variable}|sinon{default_value})]).
This is useful when one template is included by several other templates, and when a different behaviour is required depending on different contexts.
bypassing the security processes
By default, SPIP applies the interdire_scripts and entites_html scripts to the #ENV tag. Just as with any other tag, these automatic SPIP processes can be omitted using #ENV* and #ENV** (please refer to the article named #TAG* and #TAG** on how to use * and ** ).
#ENV* returns the variable without applying the entites_html filter, that is, without converting all the special characters into their equivalent HTML entities.
#ENV** returns the variable without applying the interdire_scripts function. It therefore returns content with any embedded PHP code already executed. [2]
This can pose a security problem if this variable is passed a code injection attack. This is why interdire_scripts is provided by default to disable any < and other <script language=php> references contained in the variable.
Nevertheless, #ENV** has a useful application when constructing some forms. Using the double asterisk is then necessary for displaying CVT forms. For example, to retrieve the table of errors within the form’s template file:
#ENV**{erreurs}|table_valeur{key}...