|
1 <?php |
|
2 /** |
|
3 * Smarty plugin |
|
4 * @package Smarty |
|
5 * @subpackage plugins |
|
6 */ |
|
7 |
|
8 /** |
|
9 * determines if a resource is secure or not. |
|
10 * |
|
11 * @param string $resource_type |
|
12 * @param string $resource_name |
|
13 * @return boolean |
|
14 */ |
|
15 |
|
16 // $resource_type, $resource_name |
|
17 |
|
18 function smarty_core_is_secure($params, &$smarty) |
|
19 { |
|
20 if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
|
21 return true; |
|
22 } |
|
23 |
|
24 if ($params['resource_type'] == 'file') { |
|
25 $_rp = realpath($params['resource_name']); |
|
26 if (isset($params['resource_base_path'])) { |
|
27 foreach ((array)$params['resource_base_path'] as $curr_dir) { |
|
28 if ( ($_cd = realpath($curr_dir)) !== false && |
|
29 strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
|
30 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { |
|
31 return true; |
|
32 } |
|
33 } |
|
34 } |
|
35 if (!empty($smarty->secure_dir)) { |
|
36 foreach ((array)$smarty->secure_dir as $curr_dir) { |
|
37 if ( ($_cd = realpath($curr_dir)) !== false) { |
|
38 if($_cd == $_rp) { |
|
39 return true; |
|
40 } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
|
41 substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { |
|
42 return true; |
|
43 } |
|
44 } |
|
45 } |
|
46 } |
|
47 } else { |
|
48 // resource is not on local file system |
|
49 return call_user_func_array( |
|
50 $smarty->_plugins['resource'][$params['resource_type']][0][2], |
|
51 array($params['resource_name'], &$smarty)); |
|
52 } |
|
53 |
|
54 return false; |
|
55 } |
|
56 |
|
57 /* vim: set expandtab: */ |
|
58 |
|
59 ?> |