diff --git a/Smarty_Compiler.class.php b/Smarty_Compiler.class.php
index 0c0e854f..d4911bd2 100644
--- a/Smarty_Compiler.class.php
+++ b/Smarty_Compiler.class.php
@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
 $is_arg_stack = array();
 for ($i = 0; $i < count($tokens); $i++) {
+
+ if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+ $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
+ }
+
+
 $token = &$tokens[$i];
 switch ($token) {
 case 'eq':
diff --git a/docs.sgml b/docs.sgml
index 8c0eb415..18bb330f 100644
--- a/docs.sgml
+++ b/docs.sgml
@@ -2712,12 +2712,10 @@ OUTPUT:
 include a trailing slash on your web page fetches where necessary.
- TECHNICAL NOTE: This function may be a security concern if you are
- allowing third parties to modify templates. i.e., they can access
- files on your system out side of the template directory. To disable
- this function, unregister it in your
- application.
+ TECHNICAL NOTE: If template security is turned on and you are
+ fetching a file from the local file system, this will only allow
+ files from within one of the defined secure directories.
+ ($secure_dir) fetch
diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php
index 0c0e854f..d4911bd2 100644
--- a/libs/Smarty_Compiler.class.php
+++ b/libs/Smarty_Compiler.class.php
@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
 $is_arg_stack = array();
 for ($i = 0; $i < count($tokens); $i++) {
+
+ if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+ $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
+ }
+
+
 $token = &$tokens[$i];
 switch ($token) {
 case 'eq':
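Review bot: The added secure-mode check reads `$tokens[$i+1]` on every iteration while `$this->security` is on, so on the last token (`$i+1 == count($tokens)`) it dereferences an undefined offset and emits a notice before the comparison even runs; the same hunk appears again under `libs/Smarty_Compiler.class.php`. The allow-list lookup is also loose (`in_array` without `strict`, `==` against `'('`), which is the wrong default for a check whose purpose is to keep template authors from calling arbitrary PHP functions. The guard line should become `if($this->security && isset($tokens[$i+1]) && $tokens[$i+1] == '(' && !in_array($tokens[$i], $this->security_settings["ALLOW_IF_FUNCS"], true)) {`. Unless the tokenizer guarantees that only identifiers can precede a `(`, tokens such as `and`, `or`, `not` or an opening `(` of a nested group would also trip this check and produce a spurious "not allowed in if statement" error, so it is worth confirming the token stream or restricting the check to identifier-shaped tokens. The enclosing method starts before and continues past this hunk.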