From 34cadb491cc4ebce9e99855a441554ca800e402a Mon Sep 17 00:00:00 2001 From: "monte.ohrt" Date: Thu, 30 Apr 2009 21:51:19 +0000 Subject: [PATCH] disallow writing to super globals from within the template. also add ability to disable super global access with security enabled --- libs/Smarty.class.php | 44 +++++++++++++++++++++++++++++++++- libs/Smarty_Compiler.class.php | 24 ++++++++++++++----- 2 files changed, 61 insertions(+), 7 deletions(-) diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index ef52c019..d9cdeae4 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -236,7 +236,8 @@ class Smarty 'INCLUDE_ANY' => false, 'PHP_TAGS' => false, 'MODIFIER_FUNCS' => array('count'), - 'ALLOW_CONSTANTS' => false + 'ALLOW_CONSTANTS' => false, + 'ALLOW_SUPER_GLOBALS' => true ); /** 
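Review bot: `'ALLOW_SUPER_GLOBALS' => true` makes the new control opt-out, so turning on `$security` by itself still exposes the contents of `$_SESSION`, `$_SERVER`, `$_COOKIE` and `$_ENV` to untrusted template authors through `$smarty.session` and its siblings; presumably the default is `true` to keep existing templates working, but an integrator reading `security_settings` cannot tell that from this line. None of the entries in this table carry a comment, so at least annotate this one: `'ALLOW_SUPER_GLOBALS' => true // set false to block $smarty.get/post/cookies/server/session/env when $security is enabled`. Consider flipping the default to `false` in the next major release so that the secure configuration is the one you get by enabling security.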
@@ -1950,6 +1951,47 @@ class Smarty return $function; } } + + /** + * wrapper for super global access + * @return mixed + */ + function _get_super($type,$name) + { + // don't display anything if not allowed + if($this->security && !$this->security_settings['ALLOW_SUPER_GLOBALS']) { + $this->trigger_error('security error: super global access not allowed'); + return false; + } + if(empty($type)||empty($name)) + return null; + switch($type) { + case 'get': + return $this->request_use_auto_globals ? $_GET[$name] : $GLOBALS['HTTP_GET_VARS'][$name]; + break; + case 'post': + return $this->request_use_auto_globals ? $_POST[$name] : $GLOBALS['HTTP_POST_VARS'][$name]; + break; + case 'server': + return $this->request_use_auto_globals ? $_SERVER[$name] : $GLOBALS['HTTP_SERVER_VARS'][$name]; + break; + case 'session': + return $this->request_use_auto_globals ? $_SESSION[$name] : $GLOBALS['HTTP_SESSION_VARS'][$name]; + break; + case 'request': + return $this->request_use_auto_globals ? $_REQUEST[$name] : $GLOBALS['HTTP_REQUEST_VARS'][$name]; + break; + case 'cookies': + return $this->request_use_auto_globals ? $_COOKIE[$name] : $GLOBALS['HTTP_COOKIE_VARS'][$name]; + break; + case 'env': + return $this->request_use_auto_globals ? $_ENV[$name] : $GLOBALS['HTTP_ENV_VARS'][$name]; + break; + default: + return null; + break; + } + } /**#@-*/ diff --git a/libs/Smarty_Compiler.class.php b/libs/Smarty_Compiler.class.php index 166cfc78..3be28732 100644 --- a/libs/Smarty_Compiler.class.php +++ b/libs/Smarty_Compiler.class.php 
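Review bot: The seven `return ... $_GET[$name] ...` arms in `_get_super` index the arrays unconditionally, so a template that references a key absent from the request raises an undefined-index notice on every render, and the `empty($name)` guard above them turns the legal index `'0'` (`$smarty.get.0`) into a `null` result. Both are fixed by testing presence with `isset()` and by comparing `$name` against `''`/`null` instead of `empty()`; selecting the array through a small `$type` map also collapses the switch to a single lookup, shown below. The wrapper hands back values rather than references, which is what actually stops a template from writing to a superglobal, so say so in the code: `// return by value: the compiled template never gets a reference it could assign through`. Note that `$name` is a literal the compiler splices into generated PHP (the Smarty_Compiler hunk), so this method cannot validate it after the fact and the compiler must guarantee it carries no quote or backslash; whether the variable regexes enforce that is not visible here.

```php
    function _get_super($type, $name)
    {
        // … unchanged: security check / trigger_error …
        // '0' is a legal index, so test for absence rather than empty()
        if ($type === null || $type === '' || $name === null || $name === '') {
            return null;
        }
        $_sources = array(
            'get'     => array('_GET',     'HTTP_GET_VARS'),
            'post'    => array('_POST',    'HTTP_POST_VARS'),
            'server'  => array('_SERVER',  'HTTP_SERVER_VARS'),
            'session' => array('_SESSION', 'HTTP_SESSION_VARS'),
            'request' => array('_REQUEST', 'HTTP_REQUEST_VARS'),
            'cookies' => array('_COOKIE',  'HTTP_COOKIE_VARS'),
            'env'     => array('_ENV',     'HTTP_ENV_VARS'),
        );
        if (!isset($_sources[$type])) {
            return null;
        }
        $_var = $this->request_use_auto_globals ? $_sources[$type][0] : $_sources[$type][1];
        // return by value: the compiled template never gets a reference it could assign through
        return isset($GLOBALS[$_var][$name]) ? $GLOBALS[$_var][$name] : null;
    }
```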
@@ -2047,27 +2047,39 @@ class Smarty_Compiler extends Smarty {
 break;
 case 'get':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_GET' : "\$GLOBALS['HTTP_GET_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('get','$_ref_val')";
+ array_shift($indexes);
 break;
 case 'post':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_POST' : "\$GLOBALS['HTTP_POST_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('post','$_ref_val')";
+ array_shift($indexes);
 break;
 case 'cookies':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_COOKIE' : "\$GLOBALS['HTTP_COOKIE_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('cookies','$_ref_val')";
+ array_shift($indexes);
 break;
 case 'env':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_ENV' : "\$GLOBALS['HTTP_ENV_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('env','$_ref_val')";
+ array_shift($indexes);
 break;
 case 'server':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SERVER' : "\$GLOBALS['HTTP_SERVER_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('server','$_ref_val')";
+ array_shift($indexes);
 break;
 case 'session':
- $compiled_ref = ($this->request_use_auto_globals) ? '$_SESSION' : "\$GLOBALS['HTTP_SESSION_VARS']";
+ $_ref_val = substr($indexes[1], 1);
+ $compiled_ref = "\$this->_get_super('session','$_ref_val')";
+ array_shift($indexes);
 break;
 /*