#ENV

#ENV{parameter} retrieves environment variables passed to the template. A second argument allows a default value to be given if the requested parameter is not present in the environment or if its content is empty.

  • New in : SPIP 1.8

Description

[(#ENV{parameter, default_value})]

Search in a sub-array
The environment parameter name may also contain slashes / indicating to search in a subarray. This is equivalent to calling the |table_valeur filter and is also valid on #GET, #SESSION and #CONFIG tags.

#ENV{parameter/in/array, default_value}
// equivalent to:
[(#ENV**{parameter}|table_valeur{in/array, default_value})]

Finally, the #ENV tag alone returns a serialized array of all environment parameters.

Examples

Retrieve an article identifier, otherwise the string "new":

#ENV{id_article,new}

Retrieve in a loop the values of the id_rubrique and the id_mot passed in the URL spip.php?rubrique24&id_mot=5

<BOUCLE_art(ARTICLES){id_rubrique=#ENV{id_rubrique}}{id_mot=#ENV{id_mot}}>

Retrieve the id_article given in an INCLURE:

<INCLURE{fond=my_template, id_article=136}>

In my_template.html, #ENV{id_article} worth 136.

Advanced examples

With in the URL ?display[articles]=yes, test if we display the articles :

#ENV{display/articles} // display 'yes'
</cadre >
 
Display the whole environment (useful for debugging):
<cadre class='spip'>
[<pre>(#ENV**|unserialize|print_r{1})</pre>]

Important: For security reasons, this code must be removed at the end of the development of your site.

Bypassing safety treatments

By default, SPIP applies the interdire_scripts() functions and |entites_html to the tag #ENV. As with any tag, you can suppress SPIP’s automatic processing with #ENV* and #ENV** (see, for the use of * and **, the article #TAG* and #TAG**).

-  #ENV* returns the variable without applying the |entites_html filter, so without transforming all special characters into HTML entities.

-  #ENV** returns the variable without also applying the interdire_scripts() function. It therefore returns the executed PHP.
This can be a security problem if this variable receives a code injection.

Nevertheless #ENV** has applications, for example in the private area, where the interdire_scripts() is applied in a more restrictive way. In this case, #ENV** allows these restrictions to be lifted in a very localised manner. But again, use with caution!

See also

On Programmer.spip.net

Author Mark Published : Updated : 26/09/22

Translations : عربي, català, English, Español, français, Nederlands, русский, Türkçe, українська