Mercurial > epgrec.yaz
comparison Smarty/internals/core.is_secure.php @ 1:f5a9f0eb4858
deleted: LICENSE.ja
author | Sushi-k <epgrec@park.mda.or.jp> |
---|---|
date | Wed, 08 Jul 2009 11:44:50 +0900 |
parents | |
children |
comparison
equal
deleted
inserted
replaced
0:96312e6ab8d4 | 1:f5a9f0eb4858 |
---|---|
1 <?php | |
2 /** | |
3 * Smarty plugin | |
4 * @package Smarty | |
5 * @subpackage plugins | |
6 */ | |
7 | |
8 /** | |
9 * determines if a resource is secure or not. | |
10 * | |
11 * @param string $resource_type | |
12 * @param string $resource_name | |
13 * @return boolean | |
14 */ | |
15 | |
16 // $resource_type, $resource_name | |
17 | |
18 function smarty_core_is_secure($params, &$smarty) | |
19 { | |
20 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { | |
21 return true; | |
22 } | |
23 | |
24 if ($params['resource_type'] == 'file') { | |
25 $_rp = realpath($params['resource_name']); | |
26 if (isset($params['resource_base_path'])) { | |
27 foreach ((array)$params['resource_base_path'] as $curr_dir) { | |
28 if ( ($_cd = realpath($curr_dir)) !== false && | |
29 strncmp($_rp, $_cd, strlen($_cd)) == 0 && | |
30 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { | |
31 return true; | |
32 } | |
33 } | |
34 } | |
35 if (!empty($smarty->secure_dir)) { | |
36 foreach ((array)$smarty->secure_dir as $curr_dir) { | |
37 if ( ($_cd = realpath($curr_dir)) !== false) { | |
38 if($_cd == $_rp) { | |
39 return true; | |
40 } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && | |
41 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { | |
42 return true; | |
43 } | |
44 } | |
45 } | |
46 } | |
47 } else { | |
48 // resource is not on local file system | |
49 return call_user_func_array( | |
50 $smarty->_plugins['resource'][$params['resource_type']][0][2], | |
51 array($params['resource_name'], &$smarty)); | |
52 } | |
53 | |
54 return false; | |
55 } | |
56 | |
57 /* vim: set expandtab: */ | |
58 | |
59 ?> |