smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 03:14:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

limit the template nesting level by security

Browse Source
This commit is contained in:
Uwe Tews
2014-12-30 12:57:43 +01:00
parent 1da50aa61d
commit 6be6bf7b70
5 changed files with 63 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
NEW_FEATURES.txt
View File

@@ -13,9 +13,16 @@ Smarty 3.1.22
Security Security
======== ========
- disable special $smarty variable -
The Smarty_Security class has the new property $disabled_special_smarty_vars. The Smarty_Security class has the new property $disabled_special_smarty_vars.
It's an array which can be loaded with the $smarty special variable names like It's an array which can be loaded with the $smarty special variable names like
'template_object', 'template', 'current_dir' and others which will be disabled. 'template_object', 'template', 'current_dir' and others which will be disabled.
Note: That this security checking is performed at compile time. Note: That this security check is performed at compile time.
- limit template nesting -
Property $max_template_nesting of Smarty_Security does set the maximum template nesting level.
The main template is level 1. The nesting level is checked at run time. When the maximum will be exceeded
an Exception will be thrown. The default setting is 0 which does disable this check.

10
change_log.txt
View File

@@ -1,8 +1,12 @@
===== 3.1.22-dev ===== (xx.xx.2014)  ===== 3.1.22-dev ===== (xx.xx.2014)
29.12.2014
- new feature security can now limit the template nesting level by property $max_template_nesting
see also NEW_FEATURES.txt (forum 25370)
29.12.2014 29.12.2014
- new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars - new feature security can now disable special $smarty variables listed in property $disabled_special_smarty_vars
see also NEW_FEATURES.txt (forum 25370) see also NEW_FEATURES.txt (forum 25370)
27.12.2014 27.12.2014
- bugfix clear internal _is_file_cache when plugins_dir was modified - bugfix clear internal _is_file_cache when plugins_dir was modified

6
libs/sysplugins/smarty_internal_template.php
View File

@@ -353,6 +353,9 @@ class Smarty_Internal_Template extends Smarty_Internal_TemplateBase
public function getInlineSubTemplate($template, $cache_id, $compile_id, $caching, $cache_lifetime, $data, $parent_scope, $hash, $content_func) public function getInlineSubTemplate($template, $cache_id, $compile_id, $caching, $cache_lifetime, $data, $parent_scope, $hash, $content_func)
{ {
$tpl = $this->setupInlineSubTemplate($template, $cache_id, $compile_id, $caching, $cache_lifetime, $data, $parent_scope, $hash); $tpl = $this->setupInlineSubTemplate($template, $cache_id, $compile_id, $caching, $cache_lifetime, $data, $parent_scope, $hash);
if (isset($this->smarty->security_policy)) {
$this->smarty->security_policy->startTemplate($tpl);
}
if ($this->smarty->debugging) { if ($this->smarty->debugging) {
Smarty_Internal_Debug::start_template($tpl); Smarty_Internal_Debug::start_template($tpl);
@@ -367,6 +370,9 @@ class Smarty_Internal_Template extends Smarty_Internal_TemplateBase
if (!empty($tpl->properties['file_dependency'])) { if (!empty($tpl->properties['file_dependency'])) {
$this->properties['file_dependency'] = array_merge($this->properties['file_dependency'], $tpl->properties['file_dependency']); $this->properties['file_dependency'] = array_merge($this->properties['file_dependency'], $tpl->properties['file_dependency']);
} }
if (isset($this->smarty->security_policy)) {
$this->smarty->security_policy->exitTemplate($tpl);
}
return str_replace($tpl->properties['nocache_hash'], $this->properties['nocache_hash'], ob_get_clean()); return str_replace($tpl->properties['nocache_hash'], $this->properties['nocache_hash'], ob_get_clean());
} }

6
libs/sysplugins/smarty_internal_templatebase.php
View File

@@ -50,6 +50,9 @@ abstract class Smarty_Internal_TemplateBase extends Smarty_Internal_Data
if ($this->smarty->debugging) { if ($this->smarty->debugging) {
Smarty_Internal_Debug::start_template($_template); Smarty_Internal_Debug::start_template($_template);
} }
if (isset($_template->smarty->security_policy)) {
$_template->smarty->security_policy->startTemplate($_template);
}
// if called by Smarty object make sure we use current caching status // if called by Smarty object make sure we use current caching status
if ($this instanceof Smarty) { if ($this instanceof Smarty) {
$_template->caching = $this->caching; $_template->caching = $this->caching;
@@ -323,6 +326,9 @@ abstract class Smarty_Internal_TemplateBase extends Smarty_Internal_Data
if (isset($this->error_reporting)) { if (isset($this->error_reporting)) {
error_reporting($_smarty_old_error_level); error_reporting($_smarty_old_error_level);
} }
if (isset($_template->smarty->security_policy)) {
$_template->smarty->security_policy->exitTemplate($_template);
}
// display or fetch // display or fetch
if ($display) { if ($display) {
if ($this->caching && $this->cache_modified_check) { if ($this->caching && $this->cache_modified_check) {

37
libs/sysplugins/smarty_security.php
View File

@@ -141,7 +141,18 @@ class Smarty_Security
* @var boolean * @var boolean
*/ */
public $allow_super_globals = true; public $allow_super_globals = true;
/**
* max template nesting level
*
* @var int
*/
public $max_template_nesting = 0;
/**
* current template nesting level
*
* @var int
*/
private $_current_template_nesting = 0;
/** /**
* Cache for $resource_dir lookup * Cache for $resource_dir lookup
* *
@@ -502,4 +513,28 @@ class Smarty_Security
throw new SmartyException("directory '{$_filepath}' not allowed by security setting"); throw new SmartyException("directory '{$_filepath}' not allowed by security setting");
} }
/**
* Start template processing
*
* @param $template
*
* @throws SmartyException
*/
public function startTemplate($template) {
if ($this->max_template_nesting > 0 && $this->_current_template_nesting++ >= $this->max_template_nesting) {
throw new SmartyException("maximum template nesting level of '{$this->max_template_nesting}' exceeded when calling '{$template->template_resource}'");
}
}
/**
* Exit template processing
*
* @param $template
*/
public function exitTemplate($template) {
if ($this->max_template_nesting > 0) {
$this->_current_template_nesting --;
}
}
} }