update if statement security feature

Smarty_Compiler.class.php

@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
         $is_arg_stack = array();
 
         for ($i = 0; $i < count($tokens); $i++) {
+			
+			if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+                        $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");				
+			}
+			
+			
             $token = &$tokens[$i];
             switch ($token) {
                 case 'eq':

docs.sgml

@@ -2712,12 +2712,10 @@ OUTPUT:
             include a trailing slash on your web page fetches where necessary.
             </para>
             <para>
-            TECHNICAL NOTE: This function may be a security concern if you are
-            allowing third parties to modify templates. i.e., they can access
-            files on your system out side of the template directory. To disable
-            this function, <link
-            linkend="api.unregister.function">unregister</link> it in your
-            application.
+			TECHNICAL NOTE: If template security is turned on and you are
+			fetching a file from the local file system, this will only allow
+			files from within one of the defined secure directories.
+			($secure_dir)
             </para>
 <example>
 <title>fetch</title>

libs/Smarty_Compiler.class.php

@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
         $is_arg_stack = array();
 
         for ($i = 0; $i < count($tokens); $i++) {
+			
+			if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+                        $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");				
+			}
+			
+			
             $token = &$tokens[$i];
             switch ($token) {
                 case 'eq':