Coming up: 23 Sep - Magento 2 Technical Architecture training

Yireo - Trainings & extensions

Open main menu

Yesterday, we released a new version of the Yth library (short for Yireo Template Helper), a PHP-library that helps developers to create their own PHP-logic in their own Joomla! templates, without using a complex templating framework. Upgrading is advised because this version also fixes a potential security issue.

Security issue in css.php version 0.2

With the help of a well-known template-club, we discovered a security issue with the PHP-script css.php which is part of Yth. Within this file, CSS-stylesheets could be included. But on outdated PHP-environments where PHP-functions are still vulnerable to NULL-byte attacks this mechanism allows for non-CSS files to be included as well. If you are using PHP open_basedir or newer PHP-versions, there is no threat. But upgrading Yth is recommended.

New features

Yth now includes some new features as well: The splitmenu-mechanism was not working correctly under Joomla! 2.5, and this is now fixed. Also, two new methods image() and datauri() allow you to include images in the template quickly: The second method allows you to convert URL-based images into data-URIs included within the generated HTML.

For CSS merging and crunching (and/or applying data-URIs within the CSS-code as well), we actually recommend the usage of our ScriptMerge plugin instead. New features will not be added anymore to the css.php file. Only the yth.php will be expanded with new features.

Written on 27 May 2012 by Jisse Reitsma

About the author

Jisse Reitsma is the founder of Yireo, extension developer, developer trainer and two times Magento Master. His passion is for technology and open source. And he loves talking as well.

Looking for a training in-house?

Let's get to it!

Proud member of

  Latest blog


Legal information

Other Yireo sites

Get Social

About Yireo