smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-03 18:04:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

Finishing up secure mode.

Browse Source
This commit is contained in:
andrey
2001-06-15 14:52:48 +00:00
parent b818436ac3
commit 6d66c568bd
5 changed files with 346 additions and 341 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
Smarty.addons.php
View File

@@ -210,12 +210,12 @@ function smarty_func_assign($args, &$smarty_obj)
extract($args);
if (empty($var)) {
trigger_error("assign: missing 'var' parameter");
$smarty_obj->_trigger_error_msg("assign: missing 'var' parameter");
return;
}
if (empty($value)) {
trigger_error("assign: missing 'value' parameter");
$smarty_obj->_trigger_error_msg("assign: missing 'value' parameter");
return;
}
@@ -423,12 +423,10 @@ function smarty_func_html_select_time()
Function: smarty_func_math
Purpose: allow math computations in template
\*======================================================================*/
function smarty_func_math() {
$args=func_get_arg(0);
function smarty_func_math($args, $smarty_obj) {
// be sure equation parameter is present
if(empty($args["equation"])) {
trigger_error("math: missing equation parameter");
$smarty_obj->_trigger_error_msg("math: missing equation parameter");
return;
}
@@ -436,7 +434,7 @@ function smarty_func_math() {
// make sure parenthesis are balanced
if(substr_count($equation,"(") != substr_count($equation,")")) {
trigger_error("math: unbalanced parenthesis");
$smarty_obj->_trigger_error_msg("math: unbalanced parenthesis");
return;
}
@@ -445,9 +443,10 @@ function smarty_func_math() {
foreach($match[0] as $curr_var) {
if(!in_array($curr_var,array_keys($args)) &&
!in_array($curr_var,array('int','abs','ceil','cos','exp','floor','log','log10',
!in_array($curr_var,
array('int','abs','ceil','cos','exp','floor','log','log10',
'max','min','pi','pow','rand','round','sin','sqrt','srand','tan'))) {
trigger_error("math: parameter $curr_var not passed as argument");
$smarty_obj->_trigger_error_msg("math: parameter $curr_var not passed as argument");
return;
}
}
@@ -456,11 +455,11 @@ function smarty_func_math() {
if($key != "equation" && $key != "format") {
// make sure value is not empty
if(strlen($val)==0) {
trigger_error("math: parameter $key is empty");
$smarty_obj->_trigger_error_msg("math: parameter $key is empty");
return;
}
if(!is_numeric($val)) {
trigger_error("math: parameter $key: is not numeric");
$smarty_obj->_trigger_error_msg("math: parameter $key: is not numeric");
return;
}
$equation = preg_replace("/\b$key\b/",$val,$equation);
@@ -483,10 +482,11 @@ function smarty_func_fetch($args,&$smarty_obj) {
extract($args);
if (empty($file)) {
trigger_error("parameter 'file' cannot be empty");
$smarty_obj->_trigger_error_msg("parameter 'file' cannot be empty");
return;
}
if($smarty_obj->security && !preg_match("/^(http|ftp):\/\//",$file)) {
if ($smarty_obj->security && !preg_match('!^(http|ftp)://!', $file)) {
// make sure fetched file comes from secure directory
foreach ($smarty_obj->secure_dir as $curr_dir) {
if (substr(realpath($file), 0, strlen(realpath($curr_dir))) == realpath($curr_dir)) {
@@ -495,10 +495,11 @@ function smarty_func_fetch($args,&$smarty_obj) {
}
}
if (!$resource_is_secure) {
trigger_error("(secure mode) fetching '$file' is not allowed");
$smarty_obj->_trigger_error_msg("(secure mode) fetching '$file' is not allowed");
return;
}
}
readfile($file);
}

14
Smarty.class.php
View File

@@ -103,11 +103,13 @@ class Smarty
var $security = false; // enable template security (default false)
var $secure_dir = array("./templates"); // array of directories considered secure
var $security_settings = array(
"ALLOW_PHP_HANDLING" => false,
"ALLOW_IF_FUNCS" => array('count','is_array'),
"ALLOW_INCLUDE_ANY" => false,
"ALLOW_PHP_TAGS" => false,
"ALLOW_MODIFIER_FUNCS" => array('count')
'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list',
'isset', 'empty',
'count', 'in_array'),
'INCLUDE_ANY' => false,
'PHP_TAGS' => false,
'MODIFIER_FUNCS' => array('count')
);
var $left_delimiter = '{'; // template tag delimiters.
@@ -654,7 +656,7 @@ class Smarty
$resource_name = $this->template_dir.'/'.$resource_name;
}
// if security is on, make sure template comes from a $secure_dir
if($this->security && !$this->security_settings["ALLOW_INCLUDE_ANY"]) {
if ($this->security && !$this->security_settings['INCLUDE_ANY']) {
$resource_is_secure = false;
foreach ($this->secure_dir as $curr_dir) {
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {

16
Smarty_Compiler.class.php
View File

@@ -54,11 +54,10 @@ class Smarty_Compiler extends Smarty {
\*======================================================================*/
function _compile_file($tpl_file, $template_source, &$template_compiled)
{
if($this->security) {
// do not allow php syntax to be executed unless specified
if ($this->php_handling == SMARTY_PHP_ALLOW &&
!$this->security_settings["ALLOW_PHP_HANDLING"]) {
!$this->security_settings['PHP_HANDLING']) {
$this->php_handling = SMARTY_PHP_PASSTHRU;
}
}
@@ -248,7 +247,7 @@ class Smarty_Compiler extends Smarty {
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
case 'php':
if($this->security && !$this->security_settings["ALLOW_PHP_TAGS"]) {
if ($this->security && !$this->security_settings['PHP_TAGS']) {
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
return;
}
@@ -561,11 +560,12 @@ class Smarty_Compiler extends Smarty {
current position for the next iteration. */
$i = $is_arg_start;
break;
default:
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
if($this->security &&
$tokens[$i+1] == '(' &&
!preg_match("|[^a-zA-Z_]|",$tokens[$i]) &&
!in_array($tokens[$i], $this->security_settings['IF_FUNCS'])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
break;
@@ -855,7 +855,7 @@ class Smarty_Compiler extends Smarty {
* function name.
*/
if (!isset($mod_func_name)) {
if($this->security && !in_array($modifier_name,$this->security_settings["ALLOW_MODIFIER_FUNCS"])) {
if ($this->security && !in_array($modifier_name, $this->security_settings['MODIFIER_FUNCS'])) {
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
continue;
} else {

14
libs/Smarty.class.php
View File

@@ -103,11 +103,13 @@ class Smarty
var $security = false; // enable template security (default false)
var $secure_dir = array("./templates"); // array of directories considered secure
var $security_settings = array(
"ALLOW_PHP_HANDLING" => false,
"ALLOW_IF_FUNCS" => array('count','is_array'),
"ALLOW_INCLUDE_ANY" => false,
"ALLOW_PHP_TAGS" => false,
"ALLOW_MODIFIER_FUNCS" => array('count')
'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list',
'isset', 'empty',
'count', 'in_array'),
'INCLUDE_ANY' => false,
'PHP_TAGS' => false,
'MODIFIER_FUNCS' => array('count')
);
var $left_delimiter = '{'; // template tag delimiters.
@@ -654,7 +656,7 @@ class Smarty
$resource_name = $this->template_dir.'/'.$resource_name;
}
// if security is on, make sure template comes from a $secure_dir
if($this->security && !$this->security_settings["ALLOW_INCLUDE_ANY"]) {
if ($this->security && !$this->security_settings['INCLUDE_ANY']) {
$resource_is_secure = false;
foreach ($this->secure_dir as $curr_dir) {
if (substr(realpath($resource_name),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {

16
libs/Smarty_Compiler.class.php
View File

@@ -54,11 +54,10 @@ class Smarty_Compiler extends Smarty {
\*======================================================================*/
function _compile_file($tpl_file, $template_source, &$template_compiled)
{
if($this->security) {
// do not allow php syntax to be executed unless specified
if ($this->php_handling == SMARTY_PHP_ALLOW &&
!$this->security_settings["ALLOW_PHP_HANDLING"]) {
!$this->security_settings['PHP_HANDLING']) {
$this->php_handling = SMARTY_PHP_PASSTHRU;
}
}
@@ -248,7 +247,7 @@ class Smarty_Compiler extends Smarty {
return "<?php echo '".str_replace("'","\'",$literal_block)."'; ?>\n";
case 'php':
if($this->security && !$this->security_settings["ALLOW_PHP_TAGS"]) {
if ($this->security && !$this->security_settings['PHP_TAGS']) {
$this->_syntax_error("(secure mode) php tags not permitted", E_USER_WARNING);
return;
}
@@ -561,11 +560,12 @@ class Smarty_Compiler extends Smarty {
current position for the next iteration. */
$i = $is_arg_start;
break;
default:
if($this->security
&& $tokens[$i+1] == '('
&& !preg_match("|[^a-zA-Z_-]|",$tokens[$i])
&& !in_array($tokens[$i],$this->security_settings["ALLOW_IF_FUNCS"])) {
if($this->security &&
$tokens[$i+1] == '(' &&
!preg_match("|[^a-zA-Z_]|",$tokens[$i]) &&
!in_array($tokens[$i], $this->security_settings['IF_FUNCS'])) {
$this->_syntax_error("(secure mode) '".$tokens[$i]."' not allowed in if statement");
}
break;
@@ -855,7 +855,7 @@ class Smarty_Compiler extends Smarty {
* function name.
*/
if (!isset($mod_func_name)) {
if($this->security && !in_array($modifier_name,$this->security_settings["ALLOW_MODIFIER_FUNCS"])) {
if ($this->security && !in_array($modifier_name, $this->security_settings['MODIFIER_FUNCS'])) {
$this->_syntax_error("(secure mode) modifier '$modifier_name' is not allowed", E_USER_WARNING);
continue;
} else {