inc/smarty/core/core.is_secure.php

   1 <?php
   2 /**
   3  * Smarty plugin
   4  * @package Smarty
   5  * @subpackage plugins
   6  */
   7
   8 /**
   9  * determines if a resource is secure or not.
  10  *
  11  * @param string $resource_type
  12  * @param string $resource_name
  13  * @return boolean
  14  */
  15
  16 //  $resource_type, $resource_name
  17
  18 function smarty_core_is_secure($params, &$smarty)
  19 {
  20     if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
  21         return true;
  22     }
  23
  24     $_smarty_secure = false;
  25     if ($params['resource_type'] == 'file') {
  26         if (!empty($smarty->secure_dir)) {
  27             $_rp = realpath($params['resource_name']);
  28             foreach ((array)$smarty->secure_dir as $curr_dir) {
  29                 if ( !empty($curr_dir) && is_readable ($curr_dir)) {
  30                     $_cd = realpath($curr_dir);
  31                     if (strncmp($_rp, $_cd, strlen($_cd)) == 0
  32                         && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
  33                         $_smarty_secure = true;
  34                         break;
  35                     }
  36                 }
  37             }
  38         }
  39     } else {
  40         // resource is not on local file system
  41         $_smarty_secure = call_user_func_array(
  42             $smarty->_plugins['resource'][$params['resource_type']][0][2],
  43             array($params['resource_name'], &$_smarty_secure, &$smarty));
  44     }
  45
  46     return $_smarty_secure;
  47 }
  48
  49 /* vim: set expandtab: */
  50
  51 ?>