Finishing up secure mode.
@@ -210,12 +210,12 @@ function smarty_func_assign($args, &$smarty_obj)
|
|||||||
extract($args);
|
extract($args);
|
||||||
|
|
||||||
if (empty($var)) {
|
if (empty($var)) {
|
||||||
trigger_error("assign: missing 'var' parameter");
|
$smarty_obj->_trigger_error_msg("assign: missing 'var' parameter");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($value)) {
|
if (empty($value)) {
|
||||||
trigger_error("assign: missing 'value' parameter");
|
$smarty_obj->_trigger_error_msg("assign: missing 'value' parameter");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
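Review bot: The new `$smarty_obj->_trigger_error_msg(...)` calls in both error branches run after `extract($args)`, so a template parameter named `smarty_obj` replaces the object the method is invoked on before the call happens. Either read the parameters explicitly (`$var = isset($args['var']) ? $args['var'] : null;`) or use `extract($args, EXTR_SKIP);` so existing locals and parameters are never overwritten. The same `extract($args);` precedes the new error call in the `smarty_func_fetch` hunk further down. `empty($var)` / `empty($value)` also reject the literal values `0` and `"0"`, which is probably unintended for an assign; `!isset($value) || $value === ''` distinguishes missing from falsy. `smarty_func_assign` begins before this hunk.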
@@ -423,12 +423,10 @@ function smarty_func_html_select_time()
|
|||||||
Function: smarty_func_math
|
Function: smarty_func_math
|
||||||
Purpose: allow math computations in template
|
Purpose: allow math computations in template
|
||||||
\*======================================================================*/
|
\*======================================================================*/
|
||||||
function smarty_func_math() {
|
function smarty_func_math($args, $smarty_obj) {
|
||||||
$args=func_get_arg(0);
|
|
||||||
|
|
||||||
// be sure equation parameter is present
|
// be sure equation parameter is present
|
||||||
if(empty($args["equation"])) {
|
if(empty($args["equation"])) {
|
||||||
trigger_error("math: missing equation parameter");
|
$smarty_obj->_trigger_error_msg("math: missing equation parameter");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
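Review bot: `smarty_func_math($args, $smarty_obj)` takes the Smarty object by value while the sibling plugins in this file (`smarty_func_assign`, `smarty_func_fetch`) declare `&$smarty_obj`; on PHP 4 a by-value object parameter is a copy, so anything `_trigger_error_msg` records on the object is lost and the signature is inconsistent with the rest of the set. Declare it as `function smarty_func_math($args, &$smarty_obj) {` to match. The header comment would also benefit from stating that `$args['equation']` is the expression and that every other key is treated as a variable name to substitute; the rest of the function is outside this hunk.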
@@ -436,7 +434,7 @@ function smarty_func_math() {
|
|||||||
|
|
||||||
// make sure parenthesis are balanced
|
// make sure parenthesis are balanced
|
||||||
if(substr_count($equation,"(") != substr_count($equation,")")) {
|
if(substr_count($equation,"(") != substr_count($equation,")")) {
|
||||||
trigger_error("math: unbalanced parenthesis");
|
$smarty_obj->_trigger_error_msg("math: unbalanced parenthesis");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -445,9 +443,10 @@ function smarty_func_math() {
|
|||||||
|
|
||||||
foreach($match[0] as $curr_var) {
|
foreach($match[0] as $curr_var) {
|
||||||
if(!in_array($curr_var,array_keys($args)) &&
|
if(!in_array($curr_var,array_keys($args)) &&
|
||||||
!in_array($curr_var,array('int','abs','ceil','cos','exp','floor','log','log10',
|
!in_array($curr_var,
|
||||||
|
array('int','abs','ceil','cos','exp','floor','log','log10',
|
||||||
'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'))) {
|
'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'))) {
|
||||||
trigger_error("math: parameter $curr_var not passed as argument");
|
$smarty_obj->_trigger_error_msg("math: parameter $curr_var not passed as argument");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
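Review bot: The permitted-function list is an inline `array(...)` literal in the middle of the loop condition, so it is rebuilt for every identifier and the policy is hard to find; hoist it above the `foreach` as `$allowed_funcs = array('int', 'abs', 'ceil', ...);` with the comment `// functions a template may name inside an equation under secure mode` and test `!in_array($curr_var, $allowed_funcs)`. `in_array($curr_var, array_keys($args))` reads more directly as `array_key_exists($curr_var, $args)`. The function begins and ends outside this hunk.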
@@ -456,11 +455,11 @@ function smarty_func_math() {
|
|||||||
if($key != "equation" && $key != "format") {
|
if($key != "equation" && $key != "format") {
|
||||||
// make sure value is not empty
|
// make sure value is not empty
|
||||||
if(strlen($val)==0) {
|
if(strlen($val)==0) {
|
||||||
trigger_error("math: parameter $key is empty");
|
$smarty_obj->_trigger_error_msg("math: parameter $key is empty");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if(!is_numeric($val)) {
|
if(!is_numeric($val)) {
|
||||||
trigger_error("math: parameter $key: is not numeric");
|
$smarty_obj->_trigger_error_msg("math: parameter $key: is not numeric");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
$equation = preg_replace("/\b$key\b/",$val,$equation);
|
$equation = preg_replace("/\b$key\b/",$val,$equation);
|
||||||
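Review bot: `preg_replace("/\b$key\b/", $val, $equation)` interpolates the parameter name `$key` straight into the pattern, so a name containing a regex metacharacter alters the pattern instead of being matched literally; use `$equation = preg_replace('/\b' . preg_quote($key, '/') . '\b/', $val, $equation);`. The replacement side is safe only because `is_numeric($val)` is checked a few lines earlier, which deserves a comment such as `// $val is numeric, so it cannot carry a $n backreference into the replacement`. The enclosing loop and function continue outside this hunk.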
@@ -483,10 +482,11 @@ function smarty_func_fetch($args,&$smarty_obj) {
|
|||||||
extract($args);
|
extract($args);
|
||||||
|
|
||||||
if (empty($file)) {
|
if (empty($file)) {
|
||||||
trigger_error("parameter 'file' cannot be empty");
|
$smarty_obj->_trigger_error_msg("parameter 'file' cannot be empty");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
if($smarty_obj->security && !preg_match("/^(http|ftp):\/\//",$file)) {
|
|
||||||
|
if ($smarty_obj->security && !preg_match('!^(http|ftp)://!', $file)) {
|
||||||
// make sure fetched file comes from secure directory
|
// make sure fetched file comes from secure directory
|
||||||
foreach ($smarty_obj->secure_dir as $curr_dir) {
|
foreach ($smarty_obj->secure_dir as $curr_dir) {
|
||||||
if (substr(realpath($file), 0, strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
if (substr(realpath($file), 0, strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
||||||
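Review bot: The secure-directory test `substr(realpath($file), 0, strlen(realpath($curr_dir))) == realpath($curr_dir)` passes every file whenever a `secure_dir` entry does not resolve: `realpath()` returns `false` for an unresolvable path, `strlen(false)` is 0, and the resulting empty prefix compares equal to `false` under `==`. The default entry is `"./templates"`, which is resolved against the process working directory, so this is the ordinary case for a script started elsewhere. The comparison is also a bare prefix match, so a sibling directory whose name merely begins with the secure one is accepted. The same expression guards template resources in the `class Smarty` hunk (`substr(realpath($resource_name), ...) == realpath($curr_dir)`) and needs the same treatment. The `foreach` body is outside this hunk, so the rewrite below assumes it only sets `$resource_is_secure = true` on a match.
```php
// … unchanged: 'file' parameter check and the http/ftp URL test …
$real_file = realpath($file);
$resource_is_secure = false;
foreach ($smarty_obj->secure_dir as $curr_dir) {
    $real_dir = realpath($curr_dir);
    // realpath() returns false for an unresolvable entry; never let that count as a match
    if ($real_file === false || $real_dir === false) {
        continue;
    }
    // the prefix must end at a separator so "/tpl" does not admit "/tpl2/..."
    $prefix = rtrim($real_dir, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real_file, $prefix, strlen($prefix)) === 0) {
        $resource_is_secure = true;
        break;
    }
}
// … unchanged: error when !$resource_is_secure, then readfile($file) …
```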
@@ -495,10 +495,11 @@ function smarty_func_fetch($args,&$smarty_obj) {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$resource_is_secure) {
|
if (!$resource_is_secure) {
|
||||||
trigger_error("(secure mode) fetching '$file' is not allowed");
|
$smarty_obj->_trigger_error_msg("(secure mode) fetching '$file' is not allowed");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
readfile($file);
|
readfile($file);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
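Review bot: `if (!$resource_is_secure)` reads a flag that this function never initialises before its `foreach` over `secure_dir` — unlike the equivalent check in `class Smarty`, which sets `$resource_is_secure = false;` first — and because `extract($args)` runs at the top of the function, a template parameter of that name defines the flag before the loop executes. Add `$resource_is_secure = false;` immediately before `foreach ($smarty_obj->secure_dir as $curr_dir) {`, and prefer reading `$args['file']` explicitly over importing every parameter into the local scope. `smarty_func_fetch` begins before this hunk; the loop body that presumably sets the flag lies between the two fetch hunks and is not shown.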
@@ -103,11 +103,13 @@ class Smarty
|
|||||||
var $security = false; // enable template security (default false)
|
var $security = false; // enable template security (default false)
|
||||||
var $secure_dir = array("./templates"); // array of directories considered secure
|
var $secure_dir = array("./templates"); // array of directories considered secure
|
||||||
var $security_settings = array(
|
var $security_settings = array(
|
||||||
"ALLOW_PHP_HANDLING" => false,
|
'PHP_HANDLING' => false,
|
||||||
"ALLOW_IF_FUNCS" => array('count','is_array'),
|
'IF_FUNCS' => array('array', 'list',
|
||||||
"ALLOW_INCLUDE_ANY" => false,
|
'isset', 'empty',
|
||||||
"ALLOW_PHP_TAGS" => false,
|
'count', 'in_array'),
|
||||||
"ALLOW_MODIFIER_FUNCS" => array('count')
|
'INCLUDE_ANY' => false,
|
||||||
|
'PHP_TAGS' => false,
|
||||||
|
'MODIFIER_FUNCS' => array('count')
|
||||||
);
|
);
|
||||||
|
|
||||||
var $left_delimiter = '{'; // template tag delimiters.
|
var $left_delimiter = '{'; // template tag delimiters.
|
||||||
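Review bot: The `security_settings` keys are renamed and `IF_FUNCS` is widened, but the array still carries no per-key documentation, so a reader has to search the compiler to learn what each flag gates. Add a comment above each entry matching its use in this commit: `PHP_HANDLING` — honour `php_handling = SMARTY_PHP_ALLOW` under secure mode (otherwise downgraded to passthru); `IF_FUNCS` — names permitted before `(` inside `{if}`; `INCLUDE_ANY` — allow template resources outside `secure_dir`; `PHP_TAGS` — allow `{php}` blocks; `MODIFIER_FUNCS` — PHP functions usable as modifiers. It is also worth noting in the comment that configurations still using the former `ALLOW_*` names are ignored (undefined index) and fall back to the restrictive branch, since every check is written as `!$this->security_settings[...]`.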
@@ -654,7 +656,7 @@ class Smarty
|
|||||||
$resource_name = $this->template_dir.'/'.$resource_name;
|
$resource_name = $this->template_dir.'/'.$resource_name;
|
||||||
}
|
}
|
||||||
// if security is on, make sure template comes from a $secure_dir
|
// if security is on, make sure template comes from a $secure_dir
|
||||||
if($this->security && !$this->security_settings["ALLOW_INCLUDE_ANY"]) {
|
if ($this->security && !$this->security_settings['INCLUDE_ANY']) {
|
||||||
$resource_is_secure = false;
|
$resource_is_secure = false;
|
||||||
foreach ($this->secure_dir as $curr_dir) {
|
foreach ($this->secure_dir as $curr_dir) {
|
||||||
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
||||||
|
@@ -54,11 +54,10 @@ class Smarty_Compiler extends Smarty {
|
|||||||
\*======================================================================*/
|
\*======================================================================*/
|
||||||
function _compile_file($tpl_file, $template_source, &$template_compiled)
|
function _compile_file($tpl_file, $template_source, &$template_compiled)
|
||||||
{
|
{
|
||||||
|
|
||||||
if($this->security) {
|
if($this->security) {
|
||||||
// do not allow php syntax to be executed unless specified
|
// do not allow php syntax to be executed unless specified
|
||||||
if ($this->php_handling == SMARTY_PHP_ALLOW &&
|
if ($this->php_handling == SMARTY_PHP_ALLOW &&
|
||||||
!$this->security_settings["ALLOW_PHP_HANDLING"]) {
|
!$this->security_settings['PHP_HANDLING']) {
|
||||||
$this->php_handling = SMARTY_PHP_PASSTHRU;
|
$this->php_handling = SMARTY_PHP_PASSTHRU;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
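Review bot: `$this->php_handling = SMARTY_PHP_PASSTHRU;` permanently downgrades the compiler object's setting rather than the current compile: once one secure template has been compiled on this instance, later compiles keep passthru even if `$security` is switched off or the original `php_handling` was meant to apply to them. Save the value at the top of `_compile_file` (`$saved_php_handling = $this->php_handling;`) and restore it on every exit path, with a comment explaining why the override is per compile. Separately, `if($this->security) {` lacks the space that the rest of the new code in this commit uses (`if ($this->security && ...)`). `_compile_file` continues past this hunk.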
@@ -248,7 +247,7 @@ class Smarty_Compiler extends Smarty {
|
|||||||
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
|
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
|
||||||
|
|
||||||
case 'php':
|
case 'php':
|
||||||
if($this->security && !$this->security_settings["ALLOW_PHP_TAGS"]) {
|
if ($this->security && !$this->security_settings['PHP_TAGS']) {
|
||||||
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
|
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -561,11 +560,12 @@ class Smarty_Compiler extends Smarty {
|
|||||||
current position for the next iteration. */
|
current position for the next iteration. */
|
||||||
$i = $is_arg_start;
|
$i = $is_arg_start;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
if($this->security
|
if($this->security &&
|
||||||
&& $tokens[$i+1] == '('
|
$tokens[$i+1] == '(' &&
|
||||||
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
|
!preg_match("|[^a-zA-Z_]|",$tokens[$i]) &&
|
||||||
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
|
!in_array($tokens[$i], $this->security_settings['IF_FUNCS'])) {
|
||||||
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
|
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
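Review bot: The guard reaches the whitelist only when `!preg_match("|[^a-zA-Z_]|", $tokens[$i])` holds, i.e. when the token consists solely of letters and underscores; a token that also contains a digit or any other character skips the `IF_FUNCS` check entirely and is accepted with its `(`, so the restriction covers only a subset of valid PHP function names. Test for an identifier positively instead by replacing the middle condition with `preg_match('!^[a-zA-Z_][a-zA-Z0-9_]*$!', $tokens[$i]) &&`. Whether tokens beginning with `$` should continue to bypass the check is a policy decision the comment above the `default:` case should state. The `_syntax_error` call is not followed by a `return` or `break` out of the function, unlike the `{php}` tag case, so depending on the error level `_syntax_error` uses by default the disallowed call may still be emitted; the enclosing function begins and ends outside this hunk.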
@@ -855,7 +855,7 @@ class Smarty_Compiler extends Smarty {
|
|||||||
* function name.
|
* function name.
|
||||||
*/
|
*/
|
||||||
if (!isset($mod_func_name)) {
|
if (!isset($mod_func_name)) {
|
||||||
if($this->security && !in_array($modifier_name,$this->security_settings["ALLOW_MODIFIER_FUNCS"])) {
|
if ($this->security && !in_array($modifier_name, $this->security_settings['MODIFIER_FUNCS'])) {
|
||||||
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
|
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
|
||||||
continue;
|
continue;
|
||||||
} else {
|
} else {
|
||||||
|
@@ -103,11 +103,13 @@ class Smarty
|
|||||||
var $security = false; // enable template security (default false)
|
var $security = false; // enable template security (default false)
|
||||||
var $secure_dir = array("./templates"); // array of directories considered secure
|
var $secure_dir = array("./templates"); // array of directories considered secure
|
||||||
var $security_settings = array(
|
var $security_settings = array(
|
||||||
"ALLOW_PHP_HANDLING" => false,
|
'PHP_HANDLING' => false,
|
||||||
"ALLOW_IF_FUNCS" => array('count','is_array'),
|
'IF_FUNCS' => array('array', 'list',
|
||||||
"ALLOW_INCLUDE_ANY" => false,
|
'isset', 'empty',
|
||||||
"ALLOW_PHP_TAGS" => false,
|
'count', 'in_array'),
|
||||||
"ALLOW_MODIFIER_FUNCS" => array('count')
|
'INCLUDE_ANY' => false,
|
||||||
|
'PHP_TAGS' => false,
|
||||||
|
'MODIFIER_FUNCS' => array('count')
|
||||||
);
|
);
|
||||||
|
|
||||||
var $left_delimiter = '{'; // template tag delimiters.
|
var $left_delimiter = '{'; // template tag delimiters.
|
||||||
@@ -654,7 +656,7 @@ class Smarty
|
|||||||
$resource_name = $this->template_dir.'/'.$resource_name;
|
$resource_name = $this->template_dir.'/'.$resource_name;
|
||||||
}
|
}
|
||||||
// if security is on, make sure template comes from a $secure_dir
|
// if security is on, make sure template comes from a $secure_dir
|
||||||
if($this->security && !$this->security_settings["ALLOW_INCLUDE_ANY"]) {
|
if ($this->security && !$this->security_settings['INCLUDE_ANY']) {
|
||||||
$resource_is_secure = false;
|
$resource_is_secure = false;
|
||||||
foreach ($this->secure_dir as $curr_dir) {
|
foreach ($this->secure_dir as $curr_dir) {
|
||||||
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {
|
||||||
|
@@ -54,11 +54,10 @@ class Smarty_Compiler extends Smarty {
|
|||||||
\*======================================================================*/
|
\*======================================================================*/
|
||||||
function _compile_file($tpl_file, $template_source, &$template_compiled)
|
function _compile_file($tpl_file, $template_source, &$template_compiled)
|
||||||
{
|
{
|
||||||
|
|
||||||
if($this->security) {
|
if($this->security) {
|
||||||
// do not allow php syntax to be executed unless specified
|
// do not allow php syntax to be executed unless specified
|
||||||
if ($this->php_handling == SMARTY_PHP_ALLOW &&
|
if ($this->php_handling == SMARTY_PHP_ALLOW &&
|
||||||
!$this->security_settings["ALLOW_PHP_HANDLING"]) {
|
!$this->security_settings['PHP_HANDLING']) {
|
||||||
$this->php_handling = SMARTY_PHP_PASSTHRU;
|
$this->php_handling = SMARTY_PHP_PASSTHRU;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -248,7 +247,7 @@ class Smarty_Compiler extends Smarty {
|
|||||||
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
|
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
|
||||||
|
|
||||||
case 'php':
|
case 'php':
|
||||||
if($this->security && !$this->security_settings["ALLOW_PHP_TAGS"]) {
|
if ($this->security && !$this->security_settings['PHP_TAGS']) {
|
||||||
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
|
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -561,11 +560,12 @@ class Smarty_Compiler extends Smarty {
|
|||||||
current position for the next iteration. */
|
current position for the next iteration. */
|
||||||
$i = $is_arg_start;
|
$i = $is_arg_start;
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
if($this->security
|
if($this->security &&
|
||||||
&& $tokens[$i+1] == '('
|
$tokens[$i+1] == '(' &&
|
||||||
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
|
!preg_match("|[^a-zA-Z_]|",$tokens[$i]) &&
|
||||||
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
|
!in_array($tokens[$i], $this->security_settings['IF_FUNCS'])) {
|
||||||
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
|
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
@@ -855,7 +855,7 @@ class Smarty_Compiler extends Smarty {
|
|||||||
* function name.
|
* function name.
|
||||||
*/
|
*/
|
||||||
if (!isset($mod_func_name)) {
|
if (!isset($mod_func_name)) {
|
||||||
if($this->security && !in_array($modifier_name,$this->security_settings["ALLOW_MODIFIER_FUNCS"])) {
|
if ($this->security && !in_array($modifier_name, $this->security_settings['MODIFIER_FUNCS'])) {
|
||||||
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
|
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
|
||||||
continue;
|
continue;
|
||||||
} else {
|
} else {
|
||||||
|