X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;ds=sidebyside;f=smarty%2FSmarty-2.6.10%2Flibs%2Finternals%2Fcore.is_secure.php;fp=smarty%2FSmarty-2.6.10%2Flibs%2Finternals%2Fcore.is_secure.php;h=9bec5c21efb57166ef324e30d39dcd9904b3c6f3;hb=b42b2bf946332ad8544d53f610be9cb05e80bf56;hp=0000000000000000000000000000000000000000;hpb=e586807dafc64c3fe152ab518599e6cf3f0f84e1;p=mirrors%2FKyberia-bloodline.git diff --git a/smarty/Smarty-2.6.10/libs/internals/core.is_secure.php b/smarty/Smarty-2.6.10/libs/internals/core.is_secure.php new file mode 100644 index 0000000..9bec5c2 --- /dev/null +++ b/smarty/Smarty-2.6.10/libs/internals/core.is_secure.php @@ -0,0 +1,59 @@ +security || $smarty->security_settings['INCLUDE_ANY']) { + return true; + } + + if ($params['resource_type'] == 'file') { + $_rp = realpath($params['resource_name']); + if (isset($params['resource_base_path'])) { + foreach ((array)$params['resource_base_path'] as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false && + strncmp($_rp, $_cd, strlen($_cd)) == 0 && + $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { + return true; + } + } + } + if (!empty($smarty->secure_dir)) { + foreach ((array)$smarty->secure_dir as $curr_dir) { + if ( ($_cd = realpath($curr_dir)) !== false) { + if( strncmp($_rp, $_cd, strlen($_cd)) == 0 && + $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) { + return true; + } elseif ($_cd == $_rp) { + return true; + } + } + } + } + } else { + // resource is not on local file system + return call_user_func_array( + $smarty->_plugins['resource'][$params['resource_type']][0][2], + array($params['resource_name'], &$smarty)); + } + + return false; +} + +/* vim: set expandtab: */ + +?>