diff options
Diffstat (limited to 'include/smarty/libs/internals/core.is_secure.php')
| -rw-r--r-- | include/smarty/libs/internals/core.is_secure.php | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/include/smarty/libs/internals/core.is_secure.php b/include/smarty/libs/internals/core.is_secure.php new file mode 100644 index 000000000..d54abd432 --- /dev/null +++ b/include/smarty/libs/internals/core.is_secure.php @@ -0,0 +1,59 @@ +<?php +/** + * Smarty plugin + * @package Smarty + * @subpackage plugins + */ + +/** + * determines if a resource is secure or not. + * + * @param string $resource_type + * @param string $resource_name + * @return boolean + */ + +// $resource_type, $resource_name + +function smarty_core_is_secure($params, &$smarty) +{ + if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { + return true; + } + + if ($params['resource_type'] == 'file') { + $_rp = realpath($params['resource_name']); + if (isset($params['resource_base_path'])) { + foreach ((array)$params['resource_base_path'] as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false && + strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { + return true; + } + } + } + if (!empty($smarty->secure_dir)) { + foreach ((array)$smarty->secure_dir as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false) { + if($_cd == $_rp) { + return true; + } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { + return true; + } + } + } + } + } else { + // resource is not on local file system + return call_user_func_array( + $smarty->_plugins['resource'][$params['resource_type']][0][2], + array($params['resource_name'], &$smarty)); + } + + return false; +} + +/* vim: set expandtab: */ + +?> |