Mercurial > epgrec.yaz
diff Smarty/internals/core.is_secure.php @ 1:f5a9f0eb4858
deleted: LICENSE.ja
author | Sushi-k <epgrec@park.mda.or.jp> |
---|---|
date | Wed, 08 Jul 2009 11:44:50 +0900 |
parents | |
children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/Smarty/internals/core.is_secure.php Wed Jul 08 11:44:50 2009 +0900 @@ -0,0 +1,59 @@ +<?php +/** + * Smarty plugin + * @package Smarty + * @subpackage plugins + */ + +/** + * determines if a resource is secure or not. + * + * @param string $resource_type + * @param string $resource_name + * @return boolean + */ + +// $resource_type, $resource_name + +function smarty_core_is_secure($params, &$smarty) +{ + if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { + return true; + } + + if ($params['resource_type'] == 'file') { + $_rp = realpath($params['resource_name']); + if (isset($params['resource_base_path'])) { + foreach ((array)$params['resource_base_path'] as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false && + strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { + return true; + } + } + } + if (!empty($smarty->secure_dir)) { + foreach ((array)$smarty->secure_dir as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false) { + if($_cd == $_rp) { + return true; + } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { + return true; + } + } + } + } + } else { + // resource is not on local file system + return call_user_func_array( + $smarty->_plugins['resource'][$params['resource_type']][0][2], + array($params['resource_name'], &$smarty)); + } + + return false; +} + +/* vim: set expandtab: */ + +?>