| 1 | <?php |
| 2 | /** |
| 3 | * Smarty plugin |
| 4 | * @package Smarty |
| 5 | * @subpackage plugins |
| 6 | */ |
| 7 | |
| 8 | /** |
| 9 | * determines if a resource is secure or not. |
| 10 | * |
| 11 | * @param string $resource_type |
| 12 | * @param string $resource_name |
| 13 | * @return boolean |
| 14 | */ |
| 15 | |
| 16 | // $resource_type, $resource_name |
| 17 | |
| 18 | function smarty_core_is_secure($params, &$smarty) |
| 19 | { |
| 20 | if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
| 21 | return true; |
| 22 | } |
| 23 | |
| 24 | $_smarty_secure = false; |
| 25 | if ($params['resource_type'] == 'file') { |
| 26 | if (!empty($smarty->secure_dir)) { |
| 27 | $_rp = realpath($params['resource_name']); |
| 28 | foreach ((array)$smarty->secure_dir as $curr_dir) { |
| 29 | if ( !empty($curr_dir) && is_readable ($curr_dir)) { |
| 30 | $_cd = realpath($curr_dir); |
| 31 | if (strncmp($_rp, $_cd, strlen($_cd)) == 0 |
| 32 | && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { |
| 33 | $_smarty_secure = true; |
| 34 | break; |
| 35 | } |
| 36 | } |
| 37 | } |
| 38 | } |
| 39 | } else { |
| 40 | // resource is not on local file system |
| 41 | $_smarty_secure = call_user_func_array( |
| 42 | $smarty->_plugins['resource'][$params['resource_type']][0][2], |
| 43 | array($params['resource_name'], &$_smarty_secure, &$smarty)); |
| 44 | } |
| 45 | |
| 46 | return $_smarty_secure; |
| 47 | } |
| 48 | |
| 49 | /* vim: set expandtab: */ |
| 50 | |
| 51 | ?> |