library/smarty/internals/core.is_secure.php

   1 <?php
   2 /**
   3  * Smarty plugin
   4  * @package Smarty
   5  * @subpackage plugins
   6  */
   7
   8 /**
   9  * determines if a resource is secure or not.
  10  *
  11  * @param string $resource_type
  12  * @param string $resource_name
  13  * @return boolean
  14  */
  15
  16 //  $resource_type, $resource_name
  17
  18 function smarty_core_is_secure($params, &$smarty)
  19 {
  20     if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
  21         return true;
  22     }
  23
  24     if ($params['resource_type'] == 'file') {
  25         $_rp = realpath($params['resource_name']);
  26         if (isset($params['resource_base_path'])) {
  27             foreach ((array)$params['resource_base_path'] as $curr_dir) {
  28                 if ( ($_cd = realpath($curr_dir)) !== false &&
  29                      strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
  30                      substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) {
  31                     return true;
  32                 }
  33             }
  34         }
  35         if (!empty($smarty->secure_dir)) {
  36             foreach ((array)$smarty->secure_dir as $curr_dir) {
  37                 if ( ($_cd = realpath($curr_dir)) !== false) {
  38                     if($_cd == $_rp) {
  39                         return true;
  40                     } elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 &&
  41                         substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) {
  42                         return true;
  43                     }
  44                 }
  45             }
  46         }
  47     } else {
  48         // resource is not on local file system
  49         return call_user_func_array(
  50             $smarty->_plugins['resource'][$params['resource_type']][0][2],
  51             array($params['resource_name'], &$smarty));
  52     }
  53
  54     return false;
  55 }
  56
  57 /* vim: set expandtab: */
  58
  59 ?>