first commit
This commit is contained in:
		
							
								
								
									
										59
									
								
								lib/smarty2/libs/internals/core.is_secure.php
									
									
									
									
									
										Executable file
									
								
							
							
						
						
									
										59
									
								
								lib/smarty2/libs/internals/core.is_secure.php
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,59 @@ | ||||
| <?php | ||||
| /** | ||||
|  * Smarty plugin | ||||
|  * @package Smarty | ||||
|  * @subpackage plugins | ||||
|  */ | ||||
|  | ||||
| /** | ||||
|  * determines if a resource is secure or not. | ||||
|  * | ||||
|  * @param string $resource_type | ||||
|  * @param string $resource_name | ||||
|  * @return boolean | ||||
|  */ | ||||
|  | ||||
| //  $resource_type, $resource_name | ||||
|  | ||||
| function smarty_core_is_secure($params, &$smarty) | ||||
| { | ||||
|     if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { | ||||
|         return true; | ||||
|     } | ||||
|  | ||||
|     if ($params['resource_type'] == 'file') { | ||||
|         $_rp = realpath($params['resource_name']); | ||||
|         if (isset($params['resource_base_path'])) { | ||||
|             foreach ((array)$params['resource_base_path'] as $curr_dir) { | ||||
|                 if ( ($_cd = realpath($curr_dir)) !== false && | ||||
|                      strncmp($_rp, $_cd, strlen($_cd)) == 0 && | ||||
|                      substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { | ||||
|                     return true; | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|         if (!empty($smarty->secure_dir)) { | ||||
|             foreach ((array)$smarty->secure_dir as $curr_dir) { | ||||
|                 if ( ($_cd = realpath($curr_dir)) !== false) { | ||||
|                     if($_cd == $_rp) { | ||||
|                         return true; | ||||
|                     } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && | ||||
|                         substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { | ||||
|                         return true; | ||||
|                     } | ||||
|                 } | ||||
|             } | ||||
|         } | ||||
|     } else { | ||||
|         // resource is not on local file system | ||||
|         return call_user_func_array( | ||||
|             $smarty->_plugins['resource'][$params['resource_type']][0][2], | ||||
|             array($params['resource_name'], &$smarty)); | ||||
|     } | ||||
|  | ||||
|     return false; | ||||
| } | ||||
|  | ||||
| /* vim: set expandtab: */ | ||||
|  | ||||
| ?> | ||||
		Reference in New Issue
	
	Block a user