Mercurial > epgrec.yaz
view Smarty/internals/core.is_secure.php @ 172:2a944f0c15c5
merged from upstream
| author | Yoshiki Yazawa <yaz@honeyplanet.jp> |
|---|---|
| date | Fri, 30 Apr 2010 12:21:17 +0900 |
| parents | f5a9f0eb4858 |
| children |
line wrap: on
line source
<?php /** * Smarty plugin * @package Smarty * @subpackage plugins */ /** * determines if a resource is secure or not. * * @param string $resource_type * @param string $resource_name * @return boolean */ // $resource_type, $resource_name function smarty_core_is_secure($params, &$smarty) { if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { return true; } if ($params['resource_type'] == 'file') { $_rp = realpath($params['resource_name']); if (isset($params['resource_base_path'])) { foreach ((array)$params['resource_base_path'] as $curr_dir) { if ( ($_cd = realpath($curr_dir)) !== false && strncmp($_rp, $_cd, strlen($_cd)) == 0 && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { return true; } } } if (!empty($smarty->secure_dir)) { foreach ((array)$smarty->secure_dir as $curr_dir) { if ( ($_cd = realpath($curr_dir)) !== false) { if($_cd == $_rp) { return true; } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { return true; } } } } } else { // resource is not on local file system return call_user_func_array( $smarty->_plugins['resource'][$params['resource_type']][0][2], array($params['resource_name'], &$smarty)); } return false; } /* vim: set expandtab: */ ?>