1 |
joko |
1.1 |
<?php |
2 |
|
|
/** |
3 |
|
|
* Smarty plugin |
4 |
|
|
* @package Smarty |
5 |
|
|
* @subpackage plugins |
6 |
|
|
*/ |
7 |
|
|
|
8 |
|
|
/** |
9 |
|
|
* determines if a resource is secure or not. |
10 |
|
|
* |
11 |
|
|
* @param string $resource_type |
12 |
|
|
* @param string $resource_name |
13 |
|
|
* @return boolean |
14 |
|
|
*/ |
15 |
|
|
|
16 |
|
|
// $resource_type, $resource_name |
17 |
|
|
|
18 |
|
|
function smarty_core_is_secure($params, &$smarty) |
19 |
|
|
{ |
20 |
|
|
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
21 |
|
|
return true; |
22 |
|
|
} |
23 |
|
|
|
24 |
|
|
if ($params['resource_type'] == 'file') { |
25 |
|
|
$_rp = realpath($params['resource_name']); |
26 |
|
|
if (isset($params['resource_base_path'])) { |
27 |
|
|
foreach ((array)$params['resource_base_path'] as $curr_dir) { |
28 |
|
|
if ( ($_cd = realpath($curr_dir)) !== false && |
29 |
|
|
strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
30 |
|
|
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { |
31 |
|
|
return true; |
32 |
|
|
} |
33 |
|
|
} |
34 |
|
|
} |
35 |
|
|
if (!empty($smarty->secure_dir)) { |
36 |
|
|
foreach ((array)$smarty->secure_dir as $curr_dir) { |
37 |
|
|
if ( ($_cd = realpath($curr_dir)) !== false && |
38 |
|
|
strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
39 |
|
|
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { |
40 |
|
|
return true; |
41 |
|
|
} |
42 |
|
|
} |
43 |
|
|
} |
44 |
|
|
} else { |
45 |
|
|
// resource is not on local file system |
46 |
|
|
return call_user_func_array( |
47 |
|
|
$smarty->_plugins['resource'][$params['resource_type']][0][2], |
48 |
|
|
array($params['resource_name'], &$smarty)); |
49 |
|
|
} |
50 |
|
|
|
51 |
|
|
return false; |
52 |
|
|
} |
53 |
|
|
|
54 |
|
|
/* vim: set expandtab: */ |
55 |
|
|
|
56 |
|
|
?> |