smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

update fetch funtion to respect security setting

Browse Source
This commit is contained in:
mohrt
2001-06-13 19:57:03 +00:00
parent 47119594b5
commit 098630af9d
1 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
Smarty.addons.php
View File

@@ -476,14 +476,18 @@ function smarty_func_math() {
Function: smarty_func_fetch Function: smarty_func_fetch
Purpose: fetch file, web or ftp data and display results Purpose: fetch file, web or ftp data and display results
\*======================================================================*/ \*======================================================================*/
function smarty_func_fetch() { function smarty_func_fetch($args,&$smarty_obj) {
extract(func_get_arg(0)); extract($args);
if(empty($file)) { if(empty($file)) {
trigger_error("parameter 'file' cannot be empty"); trigger_error("parameter 'file' cannot be empty");
return; return;
} }
readfile($file); if($smarty_obj->security && !preg_match("/^(http|ftp):\/\//",$file)) {
trigger_error("(secure mode) file must start with http:// or ftp://");
return;
}
readfile($file);
} }
/*======================================================================*\ /*======================================================================*\