1 | <?php
|
---|
2 | /**
|
---|
3 | * Smarty plugin
|
---|
4 | * @package Smarty
|
---|
5 | * @subpackage plugins
|
---|
6 | */
|
---|
7 |
|
---|
8 | /**
|
---|
9 | * determines if a resource is secure or not.
|
---|
10 | *
|
---|
11 | * @param string $resource_type
|
---|
12 | * @param string $resource_name
|
---|
13 | * @return boolean
|
---|
14 | */
|
---|
15 |
|
---|
16 | // $resource_type, $resource_name
|
---|
17 |
|
---|
18 | function smarty_core_is_secure($params, &$smarty)
|
---|
19 | {
|
---|
20 | if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
|
---|
21 | return true;
|
---|
22 | }
|
---|
23 |
|
---|
24 | if ($params['resource_type'] == 'file') {
|
---|
25 | $_rp = realpath($params['resource_name']);
|
---|
26 | if (isset($params['resource_base_path'])) {
|
---|
27 | foreach ((array)$params['resource_base_path'] as $curr_dir) {
|
---|
28 | if ( ($_cd = realpath($curr_dir)) !== false &&
|
---|
29 | strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
|
---|
30 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
|
---|
31 | return true;
|
---|
32 | }
|
---|
33 | }
|
---|
34 | }
|
---|
35 | if (!empty($smarty->secure_dir)) {
|
---|
36 | foreach ((array)$smarty->secure_dir as $curr_dir) {
|
---|
37 | if ( ($_cd = realpath($curr_dir)) !== false) {
|
---|
38 | if($_cd == $_rp) {
|
---|
39 | return true;
|
---|
40 | } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
|
---|
41 | substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
|
---|
42 | return true;
|
---|
43 | }
|
---|
44 | }
|
---|
45 | }
|
---|
46 | }
|
---|
47 | } else {
|
---|
48 | // resource is not on local file system
|
---|
49 | return call_user_func_array(
|
---|
50 | $smarty->_plugins['resource'][$params['resource_type']][0][2],
|
---|
51 | array($params['resource_name'], &$smarty));
|
---|
52 | }
|
---|
53 |
|
---|
54 | return false;
|
---|
55 | }
|
---|
56 |
|
---|
57 | /* vim: set expandtab: */
|
---|
58 |
|
---|
59 | ?>
|
---|