core.is_secure.php 1.7 KB

  1. <?php
  2. /**
  3. * Smarty plugin
  4. * @package Smarty
  5. * @subpackage plugins
  6. */
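  /**
   * Decide whether a resource may be loaded while Smarty security is enabled.
   *
   * File resources are accepted only when their canonical path (realpath())
   * lies inside one of the allowed directories. Every other resource type is
   * decided by the "secure" callback registered for that type.
   *
   * @param array  $params  'resource_type' (string), 'resource_name' (string) and,
   *                        optionally, 'resource_base_path' (string or array of
   *                        directories)
   * @param object $smarty  instance providing security, security_settings,
   *                        secure_dir and _plugins
   * @return boolean true when the resource is allowed; for non-file resources
   *                 the value returned by the registered handler
   */
  function smarty_core_is_secure($params, &$smarty)
  {
      // With security off, or INCLUDE_ANY set, no path check is performed at all.
      if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
          return true;
      }

      if ($params['resource_type'] !== 'file') {
          // Resource is not on the local file system: the decision is delegated
          // entirely to the handler stored at index [0][2] for this type.
          $_type = $params['resource_type'];
          $_handler = isset($smarty->_plugins['resource'][$_type][0][2])
              ? $smarty->_plugins['resource'][$_type][0][2]
              : null;
          // Fail closed when no usable handler is registered instead of
          // passing a non-callable to call_user_func_array().
          if (!is_callable($_handler)) {
              return false;
          }
          return call_user_func_array(
              $_handler,
              array($params['resource_name'], &$smarty));
      }

      // realpath() resolves symlinks and "." / ".." segments, so the checks
      // below compare canonical paths rather than the name as supplied.
      // NOTE(review): this validates the path as resolved at call time; whether
      // the caller later opens the same resolved path is not visible here.
      $_rp = realpath($params['resource_name']);
      if ($_rp === false) {
          // A name that cannot be resolved is never inside an allowed directory.
          return false;
      }

      if (isset($params['resource_base_path'])) {
          foreach ((array)$params['resource_base_path'] as $curr_dir) {
              $_cd = realpath($curr_dir);
              if ($_cd === false) {
                  continue;
              }
              // The separator test stops a sibling such as "/tpl_other" from
              // matching the prefix "/tpl". A directory that resolves to the
              // filesystem root therefore never matches this test.
              if (strncmp($_rp, $_cd, strlen($_cd)) === 0 &&
                  substr($_rp, strlen($_cd), 1) === DIRECTORY_SEPARATOR) {
                  return true;
              }
          }
      }

      if (!empty($smarty->secure_dir)) {
          foreach ((array)$smarty->secure_dir as $curr_dir) {
              $_cd = realpath($curr_dir);
              if ($_cd === false) {
                  continue;
              }
              // Unlike the base-path check, a secure_dir entry also matches
              // when the resource is that exact path.
              if ($_cd === $_rp) {
                  return true;
              }
              if (strncmp($_rp, $_cd, strlen($_cd)) === 0 &&
                  substr($_rp, strlen($_cd), 1) === DIRECTORY_SEPARATOR) {
                  return true;
              }
          }
      }

      return false;
  }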
  51. /* vim: set expandtab: */
  52. ?>