9 * determines if a resource is secure or not.
11 * @param string $resource_type
12 * @param string $resource_name
16 // $resource_type, $resource_name
18 function smarty_core_is_secure($params, &$smarty)
20 static $check_template_dir = true;
22 if (!$smarty->security ||
$smarty->security_settings
['INCLUDE_ANY']) {
26 $_smarty_secure = false;
27 if ($params['resource_type'] == 'file') {
28 if($check_template_dir) {
29 if (!in_array($smarty->template_dir
, $smarty->secure_dir
))
30 // add template_dir to secure_dir array
31 array_unshift($smarty->secure_dir
, $smarty->template_dir
);
32 $check_template_dir = false;
34 if (!empty($smarty->secure_dir
)) {
35 $_rp = realpath($params['resource_name']);
36 foreach ((array)$smarty->secure_dir
as $curr_dir) {
37 if ( !empty($curr_dir) && is_readable ($curr_dir)) {
38 $_cd = realpath($curr_dir);
39 if (strncmp($_rp, $_cd, strlen($_cd)) == 0
40 && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR
) {
41 $_smarty_secure = true;
48 // resource is not on local file system
49 $_smarty_secure = call_user_func_array(
50 $smarty->_plugins
['resource'][$params['resource_type']][0][2],
51 array($params['resource_name'], &$_smarty_secure, &$smarty));
54 return $_smarty_secure;
57 /* vim: set expandtab: */