mteval
Processes the input string for any MT template tags and returns the output. More clearly, this modifier provides a way for authors or administrators to enter MT tags in non-Template areas, such as the Entry Body, Category Description, or Blog Description, for example.
Warning
Use this modifier with care!
This modifier has significant potential security and performance implications which you should understand before using it. A public posting form (such as Comments), for example, should never have the <mt:CommentBody>
use this modifier because it would provide users with an opportunity to do bad things to your web site. For example, if your template includes <mt:CommentBody mteval="1">
then a commenter could enter something like the following:
<mt:Blogs include_blogs="all">
<h2><mt:BlogName></h2>
<mt:Entries lastn="9999">
<h3><mt:EntryTitle></h3>
<mt:Comments>
<h4>Comment from <mt:CommenterName>:</h4>
<mt:CommentBody mteval="1">
</mt:Comments>
</mt:Entries>
</mt:Blogs>
That code snippet will publish every Comment in every Entry in every Blog in the system. It’s actually worse than that, though: notice the use of mteval
in the CommentBody tag of the snippet — when publishing gets to the comment containing this snippet it will execute this code again. Effectively, it’s an infinite loop. If you’ve got a big site, that could cause trouble: at the very least, creating a publishing bottleneck and/or causing the server to timeout.
Use this modifier with care. It’s very useful and can solve many problems, but the potential for misuse is high.
Example
An example of bad use is above. Below is a good example!
The best way to use the mteval
modifier is when you can be sure of who has permission to work with it. One spot it makes a lot of sense to use is with Website-, Blog-, or Template-level Custom Fields.
Create a Template Custom Field of the “Multi-Line Text” type; here one was created called
<mt:TemplateRelatedAddIns>
. Add themteval
attribute to the field in the Template:<mt:TemplateRelatedAddIns mteval="1">
Now within the Template Related Add-Ins field we can add some MT templating:
<p>Last three Entries related to the "review" tag:</p> <ul> <mt:Entries tag="review" lastn="3"> <li><mt:EntryTitle></li> </mt:Entries> </ul>
Of course, with this Custom Field each template can use a different Template Related Add-In — perhaps with different tags, or different criteria altogether.
Publish the template and view the result!
History
Movable Type 2 and 3 users may remember (or still be using!) a plugin called Process Tags. This feature obviates the need for that plugin.