Native PHP Templating
Pragma CMS does not force you to use a templating engine. If you prioritize absolute, zero-overhead execution speed, you can write your views using Native PHP.
Native PHP templates bypass the compilation step entirely. However, with great power comes great responsibility: you are strictly responsible for escaping your own output to prevent Cross-Site Scripting (XSS) vulnerabilities.
Accessing Data & Escaping
In a native PHP template, global variables are available directly as PHP objects ($site, $page, $_SESSION['logged_user']).
Always use htmlspecialchars() when outputting user-generated text or database content.
<div class="article-header">
<!-- Correctly escaped output -->
<h1><?= htmlspecialchars($page->entry['title']) ?></h1>
<!-- Accessing a custom field (e.g., a subtitle) -->
<p><?= htmlspecialchars($page->entry['fields']['subtitle'] ?? '') ?></p>
</div>Accessing Controller Data
When your custom controller fetches additional data (e.g., querying 3 related articles) and attaches it to $page->viewData, you access it like this:
<ul class="related-posts">
<?php foreach ($page->viewData['related_articles'] as $article): ?>
<li>
<a href="<?= getLink('front.articles.show', ['slug' => $article['slug']]) ?>">
<?= htmlspecialchars($article['title']) ?>
</a>
</li>
<?php endforeach; ?>
</ul>Using Core Rendering Functions
Native PHP templates have direct access to all CMS Helper functions (defined in functions.php).
<!-- Rendering a responsive image -->
<div class="cover-image">
<?php renderImage($page->entry['fields']['cover_image_id'], 'xlarge'); ?>
</div>
<!-- Rendering a dynamic menu -->
<nav class="main-nav">
<?= renderMenu('main-menu', ['wrapper_class' => 'nav-list']) ?>
</nav>
<!-- Rendering a Form -->
<div class="contact-section">
<?= FormManager::renderForm('contact-us', ['ajax' => true]); ?>
</div>