aboutsummaryrefslogtreecommitdiffstats
path: root/include/smarty/libs/internals/core.is_secure.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/smarty/libs/internals/core.is_secure.php')
-rw-r--r--include/smarty/libs/internals/core.is_secure.php59
1 files changed, 59 insertions, 0 deletions
diff --git a/include/smarty/libs/internals/core.is_secure.php b/include/smarty/libs/internals/core.is_secure.php
new file mode 100644
index 000000000..d54abd432
--- /dev/null
+++ b/include/smarty/libs/internals/core.is_secure.php
@@ -0,0 +1,59 @@
+<?php
+/**
+ * Smarty plugin
+ * @package Smarty
+ * @subpackage plugins
+ */
+
+/**
+ * determines if a resource is secure or not.
+ *
+ * @param string $resource_type
+ * @param string $resource_name
+ * @return boolean
+ */
+
+// $resource_type, $resource_name
+
+function smarty_core_is_secure($params, &$smarty)
+{
+ if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
+ return true;
+ }
+
+ if ($params['resource_type'] == 'file') {
+ $_rp = realpath($params['resource_name']);
+ if (isset($params['resource_base_path'])) {
+ foreach ((array)$params['resource_base_path'] as $curr_dir) {
+ if ( ($_cd = realpath($curr_dir)) !== false &&
+ strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
+ substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
+ return true;
+ }
+ }
+ }
+ if (!empty($smarty->secure_dir)) {
+ foreach ((array)$smarty->secure_dir as $curr_dir) {
+ if ( ($_cd = realpath($curr_dir)) !== false) {
+ if($_cd == $_rp) {
+ return true;
+ } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
+ substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
+ return true;
+ }
+ }
+ }
+ }
+ } else {
+ // resource is not on local file system
+ return call_user_func_array(
+ $smarty->_plugins['resource'][$params['resource_type']][0][2],
+ array($params['resource_name'], &$smarty));
+ }
+
+ return false;
+}
+
+/* vim: set expandtab: */
+
+?>