author | Dan |
Mon, 24 Mar 2008 02:53:42 -0400 | |
changeset 10 | d3059e20b0fa |
parent 0 | c63de9eb7045 |
permissions | -rw-r--r-- |
<?php /** * Smarty plugin * @package Smarty * @subpackage plugins */ /** * determines if a resource is secure or not. * * @param string $resource_type * @param string $resource_name * @return boolean */ // $resource_type, $resource_name function smarty_core_is_secure($params, &$smarty) { if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { return true; } if ($params['resource_type'] == 'file') { $_rp = realpath($params['resource_name']); if (isset($params['resource_base_path'])) { foreach ((array)$params['resource_base_path'] as $curr_dir) { if ( ($_cd = realpath($curr_dir)) !== false && strncmp($_rp, $_cd, strlen($_cd)) == 0 && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { return true; } } } if (!empty($smarty->secure_dir)) { foreach ((array)$smarty->secure_dir as $curr_dir) { if ( ($_cd = realpath($curr_dir)) !== false) { if($_cd == $_rp) { return true; } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { return true; } } } } } else { // resource is not on local file system return call_user_func_array( $smarty->_plugins['resource'][$params['resource_type']][0][2], array($params['resource_name'], &$smarty)); } return false; } /* vim: set expandtab: */ ?>