1 |
<?php |
2 |
/** |
3 |
* Smarty plugin |
4 |
* @package Smarty |
5 |
* @subpackage plugins |
6 |
*/ |
7 |
|
8 |
/** |
9 |
* determines if a resource is secure or not. |
10 |
* |
11 |
* @param string $resource_type |
12 |
* @param string $resource_name |
13 |
* @return boolean |
14 |
*/ |
15 |
|
16 |
// $resource_type, $resource_name |
17 |
|
18 |
function smarty_core_is_secure($params, &$smarty) |
19 |
{ |
20 |
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
21 |
return true; |
22 |
} |
23 |
|
24 |
if ($params['resource_type'] == 'file') { |
25 |
$_rp = realpath($params['resource_name']); |
26 |
if (isset($params['resource_base_path'])) { |
27 |
foreach ((array)$params['resource_base_path'] as $curr_dir) { |
28 |
if ( ($_cd = realpath($curr_dir)) !== false && |
29 |
strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
30 |
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { |
31 |
return true; |
32 |
} |
33 |
} |
34 |
} |
35 |
if (!empty($smarty->secure_dir)) { |
36 |
foreach ((array)$smarty->secure_dir as $curr_dir) { |
37 |
if ( ($_cd = realpath($curr_dir)) !== false && |
38 |
strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
39 |
$_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { |
40 |
return true; |
41 |
} |
42 |
} |
43 |
} |
44 |
} else { |
45 |
// resource is not on local file system |
46 |
return call_user_func_array( |
47 |
$smarty->_plugins['resource'][$params['resource_type']][0][2], |
48 |
array($params['resource_name'], &$smarty)); |
49 |
} |
50 |
|
51 |
return false; |
52 |
} |
53 |
|
54 |
/* vim: set expandtab: */ |
55 |
|
56 |
?> |