diff --git a/Smarty_Compiler.class.php b/Smarty_Compiler.class.php
index 0c0e854f..d4911bd2 100644
--- a/Smarty_Compiler.class.php
+++ b/Smarty_Compiler.class.php
@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
$is_arg_stack = array();
for ($i = 0; $i < count($tokens); $i++) {
+
+ if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+ $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
+ }
+
+
$token = &$tokens[$i];
switch ($token) {
case 'eq':
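Review bot: The secure-mode guard added at the top of the `for` loop tests every token that precedes a `(`, not only function names, so as far as this hunk shows an operator or an opening parenthesis before a grouped sub-expression (`and (`, `((`) would be rejected unless it is listed in `ALLOW_IF_FUNCS`; running the check only for identifier-like tokens, or in the `switch` branch that handles function calls (outside this hunk), would keep the allowlist about functions. On the last iteration `$tokens[$i+1]` reads past the end of the array and raises a notice, and `in_array` compares loosely, so a non-string entry in the allowlist could match names it should not; `isset($tokens[$i+1]) && $tokens[$i+1] == '('` and `in_array($tokens[$i], $this->security_settings["ALLOW_IF_FUNCS"], true)` close both. It is also worth a comment stating that the check relies on `_syntax_error` stopping compilation, which is not visible here. The identical hunk in libs/Smarty_Compiler.class.php needs the same changes.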
diff --git a/docs.sgml b/docs.sgml
index 8c0eb415..18bb330f 100644
--- a/docs.sgml
+++ b/docs.sgml
@@ -2712,12 +2712,10 @@ OUTPUT:
include a trailing slash on your web page fetches where necessary.
- TECHNICAL NOTE: This function may be a security concern if you are
- allowing third parties to modify templates. i.e., they can access
- files on your system out side of the template directory. To disable
- this function, unregister it in your
- application.
+ TECHNICAL NOTE: If template security is turned on and you are
+ fetching a file from the local file system, this will only allow
+ files from within one of the defined secure directories.
+ ($secure_dir)
fetch
diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php
index 0c0e854f..d4911bd2 100644
--- a/libs/Smarty_Compiler.class.php
+++ b/libs/Smarty_Compiler.class.php
@@ -485,6 +485,12 @@ class Smarty_Compiler extends Smarty {
$is_arg_stack = array();
for ($i = 0; $i < count($tokens); $i++) {
+
+ if($this->security && $tokens[$i+1] == '(' && !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
+ $this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
+ }
+
+
$token = &$tokens[$i];
switch ($token) {
case 'eq':