1
|
1 <?php
|
|
2 /**
|
|
3 * Smarty plugin
|
|
4 * @package Smarty
|
|
5 * @subpackage plugins
|
|
6 */
|
|
7
|
|
8 /**
|
|
9 * determines if a resource is secure or not.
|
|
10 *
|
|
11 * @param string $resource_type
|
|
12 * @param string $resource_name
|
|
13 * @return boolean
|
|
14 */
|
|
15
|
|
16 // $resource_type, $resource_name
|
|
17
|
|
18 function smarty_core_is_secure($params, &$smarty)
|
|
19 {
|
|
20 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
|
|
21 return true;
|
|
22 }
|
|
23
|
|
24 if ($params['resource_type'] == 'file') {
|
|
25 $_rp = realpath($params['resource_name']);
|
|
26 if (isset($params['resource_base_path'])) {
|
|
27 foreach ((array)$params['resource_base_path'] as $curr_dir) {
|
|
28 if ( ($_cd = realpath($curr_dir)) !== false &&
|
|
29 strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
|
|
30 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
|
|
31 return true;
|
|
32 }
|
|
33 }
|
|
34 }
|
|
35 if (!empty($smarty->secure_dir)) {
|
|
36 foreach ((array)$smarty->secure_dir as $curr_dir) {
|
|
37 if ( ($_cd = realpath($curr_dir)) !== false) {
|
|
38 if($_cd == $_rp) {
|
|
39 return true;
|
|
40 } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
|
|
41 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
|
|
42 return true;
|
|
43 }
|
|
44 }
|
|
45 }
|
|
46 }
|
|
47 } else {
|
|
48 // resource is not on local file system
|
|
49 return call_user_func_array(
|
|
50 $smarty->_plugins['resource'][$params['resource_type']][0][2],
|
|
51 array($params['resource_name'], &$smarty));
|
|
52 }
|
|
53
|
|
54 return false;
|
|
55 }
|
|
56
|
|
57 /* vim: set expandtab: */
|
|
58
|
|
59 ?>
|