blob: 877886b88517cd1dda8929341f27103ffa324a5e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
<?php
/**
* Smarty plugin
* @package Smarty
* @subpackage plugins
*/
/**
* determines if a resource is secure or not.
*
* @param string $resource_type
* @param string $resource_name
* @return boolean
*/
// $resource_type, $resource_name
function smarty_core_is_secure($params, &$smarty)
{
static $check_template_dir = true;
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
return true;
}
$_smarty_secure = false;
if ($params['resource_type'] == 'file') {
if($check_template_dir) {
if (!in_array($smarty->template_dir, $smarty->secure_dir))
// add template_dir to secure_dir array
array_unshift($smarty->secure_dir, $smarty->template_dir);
$check_template_dir = false;
}
if (!empty($smarty->secure_dir)) {
$_rp = realpath($params['resource_name']);
foreach ((array)$smarty->secure_dir as $curr_dir) {
if ( !empty($curr_dir) && is_readable ($curr_dir)) {
$_cd = realpath($curr_dir);
if (strncmp($_rp, $_cd, strlen($_cd)) == 0
&& $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
$_smarty_secure = true;
break;
}
}
}
}
} else {
// resource is not on local file system
$_smarty_secure = call_user_func_array(
$smarty->_plugins['resource'][$params['resource_type']][0][2],
array($params['resource_name'], &$_smarty_secure, &$smarty));
}
return $_smarty_secure;
}
/* vim: set expandtab: */
?>
|
