Restricting certain php files to just being able to access specific variables

Restricting certain php files to just being able to access specific variables

In my webapp I allow my enterprise customers to completely customize one
of their weppages. But these webpages are still part of my webapplication
and are hosted on my server.
My customers should be able to completely design their webpage with CSS,
HTML and Javascript. And I also want to give them access to specific
dynamic variables. I have 3 different options to give them access to these
variables:
Using str_replace, so that I just replace certain variable-names in their
webpage with the corresponding dynamic value
Using some kind of template engine like smarty, which they can use within
their webpage
Using PHP itself, so that they can use certain php variables
I actually think the third option is the best, because PHP already works
great as a templage engine. But If I just let them upload anykind of php
fil,e my customers could also call functions and fire database queries,
because their code has permission limitation.
Is there anyway to use a php-file, but just give this php file access to a
certain amount of predefined variables? Especially without the permission
to do database-querys, reading global-variables, saving content to the
server or any other actions that could cause security issues.