mirror of https://github.com/avecms/AVE.cms.git
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59 lines
1.7 KiB
59 lines
1.7 KiB
<?php |
|
/** |
|
* Smarty plugin |
|
* @package Smarty |
|
* @subpackage plugins |
|
*/ |
|
|
|
/** |
|
* determines if a resource is secure or not. |
|
* |
|
* @param string $resource_type |
|
* @param string $resource_name |
|
* @return boolean |
|
*/ |
|
|
|
// $resource_type, $resource_name |
|
|
|
function smarty_core_is_secure($params, &$smarty) |
|
{ |
|
if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { |
|
return true; |
|
} |
|
|
|
if ($params['resource_type'] == 'file') { |
|
$_rp = realpath($params['resource_name']); |
|
if (isset($params['resource_base_path'])) { |
|
foreach ((array)$params['resource_base_path'] as $curr_dir) { |
|
if ( ($_cd = realpath($curr_dir)) !== false && |
|
strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
|
substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR ) { |
|
return true; |
|
} |
|
} |
|
} |
|
if (!empty($smarty->secure_dir)) { |
|
foreach ((array)$smarty->secure_dir as $curr_dir) { |
|
if ( ($_cd = realpath($curr_dir)) !== false) { |
|
if($_cd == $_rp) { |
|
return true; |
|
} elseif (strncmp($_rp, $_cd, strlen($_cd)) == 0 && |
|
substr($_rp, strlen($_cd), 1) == DIRECTORY_SEPARATOR) { |
|
return true; |
|
} |
|
} |
|
} |
|
} |
|
} else { |
|
// resource is not on local file system |
|
return call_user_func_array( |
|
$smarty->_plugins['resource'][$params['resource_type']][0][2], |
|
array($params['resource_name'], &$smarty)); |
|
} |
|
|
|
return false; |
|
} |
|
|
|
/* vim: set expandtab: */ |
|
|
|
?>
|
|
|