Symphony.

Since this extension seems to be abandoned I've forked it to the Symphonists collaborative account and merged all recent changes into it. Hopefully this will make future maintenance a bit easier.

I'll get that changed on the extension page.

Taken from the Readme:

Warning: safe evaluation has not been added yet. Do not enable this extension if you are not absolutely sure that your Symphony installation is secure.

What does it mean? What does secure mean?

It means bulletpoint "6" from the readme:

6. (optional) If you want your parameters to be evaluated as PHP code you need to enable it in the global preferences section.

The fact that you can provide any PHP code as a string (that has to be executed using eval()) is generally seen as an insecurity because of the possibility of injecting malicious code by mere manipulation of a variable.

Symphony is doing that all over the place by the way: creating a .php file from a string/template file is exactly the same thing.

Aha, thanks for making it clear.

Just installed the extension with Symphony 2.2.5. Before I selected "Allow parameters to be evaluated with eval" the return ('test'); gave the same "return ('test')". After I selected the "Allow parameters ..." I always get "Parse error: syntax error, unexpected $end in /home/user/Dev/mysite.com/extensions/globalparamloader/extension.driver.php(106) : eval()'d code on line 1" when I load a page for which the global params are enabled. There is no way I can turn off the "Allow parameters to be evaluated", every time I click to turn it off, and click "save changes" the page reloads with the check box checked again. Is there a way to fix that?

I realized it why I got the Parse error. Once "Allow parameters to be evaluated" you can't just type a constant as a value, it should be return ('value'); instead. But the issue of not being able to turn the evaluation off still remains.

Can you log this as an issue on the Github issue tracker?

Just upgraded to Symphony 2.3. Now the parameter values doesn't get evaluated. Let's say if I have return $_POST['query']; for a parameter value it stays return $_POST['query']; at the page's <data><params>... level. At the version information of the extension it says "Unsure" for 2.3. Are there any plans to make it work for 2.3?

Thank you,

No plans to make this work with 2.3?

Seems there is a 2.3 compatible release on the forked Symphonists version (see comment)

Great job !

May I suggest one thing to improve.

As we group parameters into parameters sets, it would be great to get parameters groupes in a parent XML element in parameters pool and named as the parameters set grouping parameters. It could help in solving parameters' name conflict acting like a namespace.

What do you think ?

is it possible to set a value as an XPath

eg: key: //data/events/user/@id

is Xpath value possible?