Hi everyone,
We're in the middle of making a new e-commerce related PHP application and we have come to the point where we have started to think about how we should solve templating for our customers needs.
What we would like to do is offer our customers the possibility of uploading/modifying templates to suit their company:s profile. The initial thought is that we shall not reinvent the wheel, so instead letting our customers upload their templates with FTP, so there will be basic HTML skills required. For those customers that want to modify/customize template and doesnt have the knowledge, we offer that service as well.
I know that there's a number of issues to solve before this could be considered safe, like preventing XSS and writing scripts that check through each uploaded file for potential security threats and so on. Of course, there are some part that probably will be to complex for the customer to modify by themselves, so maybe this approach won't apply to >>all<< template files in the frontend application.
But besides that, what would be a good way to handle this?