diff options
| author | Nathan Kinkade <nath@nkinka.de> | 2008-03-16 20:42:30 +0000 |
|---|---|---|
| committer | Nathan Kinkade <nath@nkinka.de> | 2008-03-16 20:42:30 +0000 |
| commit | 6d0fbeb0a7fde0cc8bae6c9944ea6b017d96968a (patch) | |
| tree | 7da954e7aaa5c7a78bd0c0cc6911f718670ea37a /lib/smarty-2.6.8/internals/core.is_secure.php | |
| parent | 32482b90446a7974e4aa1a392a79f1c8e18ed200 (diff) | |
Moved some external packages into lib to make system more self contained
Diffstat (limited to 'lib/smarty-2.6.8/internals/core.is_secure.php')
| -rw-r--r-- | lib/smarty-2.6.8/internals/core.is_secure.php | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/lib/smarty-2.6.8/internals/core.is_secure.php b/lib/smarty-2.6.8/internals/core.is_secure.php new file mode 100644 index 0000000..d54abd4 --- /dev/null +++ b/lib/smarty-2.6.8/internals/core.is_secure.php @@ -0,0 +1,59 @@ +<?php +/** + * Smarty plugin + * @package Smarty + * @subpackage plugins + */ + +/** + * determines if a resource is secure or not. + * + * @param string $resource_type + * @param string $resource_name + * @return boolean + */ + +// $resource_type, $resource_name + +function smarty_core_is_secure($params, &$smarty) +{ + if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { + return true; + } + + if ($params['resource_type'] == 'file') { + $_rp = realpath($params['resource_name']); + if (isset($params['resource_base_path'])) { + foreach ((array)$params['resource_base_path'] as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false && + strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { + return true; + } + } + } + if (!empty($smarty->secure_dir)) { + foreach ((array)$smarty->secure_dir as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false) { + if($_cd == $_rp) { + return true; + } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && + substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { + return true; + } + } + } + } + } else { + // resource is not on local file system + return call_user_func_array( + $smarty->_plugins['resource'][$params['resource_type']][0][2], + array($params['resource_name'], &$smarty)); + } + + return false; +} + +/* vim: set expandtab: */ + +?> |