mirror of
https://github.com/smarty-php/smarty.git
synced 2026-04-28 18:02:07 +02:00
- bugfix support of script files relative to trusted_dir
This commit is contained in:
Uwe.Tews
@@ -35,7 +35,6 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
|
||||
$_output = '<?php ';
|
||||
// save posible attributes
|
||||
eval('$_name = ' . $_attr['name'] . ';');
|
||||
$_function = "insert_{$_name}";
|
||||
if (isset($_attr['assign'])) {
|
||||
// output will be stored in a smarty variable instead of beind displayed
|
||||
$_assign = $_attr['assign'];
|
||||
@@ -44,22 +43,47 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
|
||||
}
|
||||
if (isset($_attr['script'])) {
|
||||
// script which must be included
|
||||
$_function = "smarty_insert_{$_name}";
|
||||
$_smarty_tpl = $compiler->template;
|
||||
$_filepath = false;
|
||||
eval('$_script = ' . $_attr['script'] . ';');
|
||||
if (!file_exists($_script)) {
|
||||
$this->compiler->trigger_template_error("{insert} missing script file '{$_script}'");
|
||||
if (!$this->compiler->smarty->security && file_exists($_script)) {
|
||||
$_filepath = $_script;
|
||||
} else {
|
||||
if ($this->compiler->smarty->security) {
|
||||
$_dir = $this->compiler->smarty->security_policy->trusted_dir;
|
||||
} else {
|
||||
$_dir = $this->compiler->smarty->trusted_dir;
|
||||
}
|
||||
if (!empty($_dir)) {
|
||||
foreach((array)$_dir as $_script_dir) {
|
||||
if (strpos('/\\', substr($_script_dir, -1)) === false) {
|
||||
$_script_dir .= DS;
|
||||
}
|
||||
if (file_exists($_script_dir . $_script)) {
|
||||
$_filepath = $_script_dir . $_script;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($_filepath == false) {
|
||||
$this->compiler->trigger_template_error("{insert} missing script file '{$_script}'", $this->compiler->lex->taglineno);
|
||||
}
|
||||
// code for script file loading
|
||||
$_output .= "require_once '{$_script}' ;";
|
||||
require_once $_script;
|
||||
$_output .= "require_once '{$_filepath}' ;";
|
||||
require_once $_filepath;
|
||||
if (!is_callable($_function)) {
|
||||
$this->compiler->trigger_template_error(" {insert} function '{$_name}' is not callable");
|
||||
$this->compiler->trigger_template_error(" {insert} function '{$_function}' is not callable in script file '{$_script}'", $this->compiler->lex->taglineno);
|
||||
}
|
||||
} else {
|
||||
$_script = 'null';
|
||||
$_filepath = 'null';
|
||||
$_function = "insert_{$_name}";
|
||||
// function in PHP script ?
|
||||
if (!is_callable($_function)) {
|
||||
// try plugin
|
||||
if (!$_function = $this->compiler->getPlugin($_name, 'insert')) {
|
||||
$this->compiler->trigger_template_error("{insert} no function or plugin found for '{$_name}'");
|
||||
$this->compiler->trigger_template_error("{insert} no function or plugin found for '{$_name}'", $this->compiler->lex->taglineno);
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -74,14 +98,14 @@ class Smarty_Internal_Compile_Insert extends Smarty_Internal_CompileBase {
|
||||
// call insert
|
||||
if (isset($_assign)) {
|
||||
if ($_smarty_tpl->caching) {
|
||||
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_script}',{$_assign});?>";
|
||||
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_filepath}',{$_assign});?>";
|
||||
} else {
|
||||
$_output .= "\$_smarty_tpl->assign({$_assign} , {$_function} ({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl), true);?>";
|
||||
}
|
||||
} else {
|
||||
$this->compiler->has_output = true;
|
||||
if ($_smarty_tpl->caching) {
|
||||
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_script}');?>";
|
||||
$_output .= "echo Smarty_Internal_Nocache_Insert::compile ('{$_function}',{$_params}, \$_smarty_tpl, '{$_filepath}');?>";
|
||||
} else {
|
||||
$_output .= "echo {$_function}({$_params},\$_smarty_tpl->smarty,\$_smarty_tpl);?>";
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user