smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2026-05-04 03:40:53 +02:00
Code Issues Packages Projects Releases Wiki Activity

limit the template nesting level by security

Browse Source
This commit is contained in:
Uwe Tews
2014-12-30 12:57:43 +01:00
parent 1da50aa61d
commit 6be6bf7b70
5 changed files with 63 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
libs/sysplugins/smarty_security.php
+36 -1
View File
@@ -141,7 +141,18 @@ class Smarty_Security
* @var boolean
*/
public $allow_super_globals = true;
/**
* max template nesting level
*
* @var int
*/
public $max_template_nesting = 0;
/**
* current template nesting level
*
* @var int
*/
private $_current_template_nesting = 0;
/**
* Cache for $resource_dir lookup
*
@@ -502,4 +513,28 @@ class Smarty_Security
throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
}
/**
* Start template processing
*
* @param $template
*
* @throws SmartyException
*/
public function startTemplate($template) {
if ($this->max_template_nesting > 0 && $this->_current_template_nesting++ >= $this->max_template_nesting) {
throw new SmartyException("maximum template nesting level of '{$this->max_template_nesting}' exceeded when calling '{$template->template_resource}'");
}
}
/**
* Exit template processing
*
* @param $template
*/
public function exitTemplate($template) {
if ($this->max_template_nesting > 0) {
$this->_current_template_nesting --;
}
}
}