Mercurial > epgrec.yaz

comparison Smarty/internals/core.is_secure.php @ 1:f5a9f0eb4858

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
deleted: LICENSE.ja
author Sushi-k <epgrec@park.mda.or.jp>
date Wed, 08 Jul 2009 11:44:50 +0900
parents
children
comparison
equal deleted inserted replaced
0:96312e6ab8d4 1:f5a9f0eb4858
1 <?php
2 /**
3 * Smarty plugin
4 * @package Smarty
5 * @subpackage plugins
6 */
7
8 /**
9 * determines if a resource is secure or not.
10 *
11 * @param string $resource_type
12 * @param string $resource_name
13 * @return boolean
14 */
15
16 // $resource_type, $resource_name
17
18 function smarty_core_is_secure($params, &$smarty)
19 {
20 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
21 return true;
22 }
23
24 if ($params['resource_type'] == 'file') {
25 $_rp = realpath($params['resource_name']);
26 if (isset($params['resource_base_path'])) {
27 foreach ((array)$params['resource_base_path'] as $curr_dir) {
28 if ( ($_cd = realpath($curr_dir)) !== false &&
29 strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
30 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
31 return true;
32 }
33 }
34 }
35 if (!empty($smarty->secure_dir)) {
36 foreach ((array)$smarty->secure_dir as $curr_dir) {
37 if ( ($_cd = realpath($curr_dir)) !== false) {
38 if($_cd == $_rp) {
39 return true;
40 } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
41 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
42 return true;
43 }
44 }
45 }
46 }
47 } else {
48 // resource is not on local file system
49 return call_user_func_array(
50 $smarty->_plugins['resource'][$params['resource_type']][0][2],
51 array($params['resource_name'], &$smarty));
52 }
53
54 return false;
55 }
56
57 /* vim: set expandtab: */
58
59 ?>