1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859 |
- <?php
- /**
- * Smarty plugin
- * @package Smarty
- * @subpackage plugins
- */
- /**
- * determines if a resource is secure or not.
- *
- * @param string $resource_type
- * @param string $resource_name
- * @return boolean
- */
- // $resource_type, $resource_name
- function smarty_core_is_secure($params, &$smarty)
- {
- if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
- return true;
- }
- if ($params['resource_type'] == 'file') {
- $_rp = realpath($params['resource_name']);
- if (isset($params['resource_base_path'])) {
- foreach ((array)$params['resource_base_path'] as $curr_dir) {
- if ( ($_cd = realpath($curr_dir)) !== false &&
- strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
- substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
- return true;
- }
- }
- }
- if (!empty($smarty->secure_dir)) {
- foreach ((array)$smarty->secure_dir as $curr_dir) {
- if ( ($_cd = realpath($curr_dir)) !== false) {
- if($_cd == $_rp) {
- return true;
- } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
- substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
- return true;
- }
- }
- }
- }
- } else {
- // resource is not on local file system
- return call_user_func_array(
- $smarty->_plugins['resource'][$params['resource_type']][0][2],
- array($params['resource_name'], &$smarty));
- }
- return false;
- }
- /* vim: set expandtab: */
- ?>
|