Hello everyone
Modern template engines for php (say, dwoo or smarty) can use objects as variables. You can use {$obj->method()}, which is really convenient, and i am using this a lot. But, there is a clear security problem with exporting directly objects from ORM, which have methods such as insert, delete etc. Is there any sane method to expose only part of methods to template engine? I was thinking of wrapper exposing only whitelisted methods:
$aTplVars = array (new TplWrapper(new User($nUserId), array('getAccount','getStatus')));
What do you thinking (there is clear performance overhead)? Or maybe there is something like that in some existing template engines for php?