smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 02:14:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

update ChangeLog

Browse Source
This commit is contained in:
mohrt
2001-12-04 22:31:47 +00:00
parent 5f22e1f756
commit 7014505d59
5 changed files with 113 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
NEWS
View File

@@ -1,3 +1,4 @@
- add include_php built-in function (Monte)
- added trusted_dir functionality, documented. (Monte)
- consolidated secure_dir tests to one function. (Monte)
- prepended _smarty_ to variable names in fetch() class function to avoid

28
Smarty.class.php
View File

@@ -589,7 +589,7 @@ class Smarty
$_smarty_trusted = false;
if ($this->security) {
$this->_parse_tpl_path($_smarty_tpl_file, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $_smarty_tpl_file, $resource_type, $resource_name);
if ($this->_is_trusted($resource_type, $resource_name)) {
$_smarty_trusted = true;
$this->security = false;
@@ -851,26 +851,27 @@ function _is_trusted($resource_type, $resource_name)
}
/*======================================================================*\
Function: _parse_tpl_path
Function: _parse_file_path
Purpose: parse out the type and name from the template resource
\*======================================================================*/
function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
// split tpl_path by the first colon
$tpl_path_parts = explode(':', $tpl_path, 2);
function _parse_file_path($file_base_path, $file_path, &$resource_type, &$resource_name) {
if (count($tpl_path_parts) == 1) {
// split tpl_path by the first colon
$file_path_parts = explode(':', $file_path, 2);
if (count($file_path_parts) == 1) {
// no resource type, treat as type "file"
$resource_type = 'file';
$resource_name = $tpl_path_parts[0];
$resource_name = $file_path_parts[0];
} else {
$resource_type = $tpl_path_parts[0];
$resource_name = $tpl_path_parts[1];
$resource_type = $file_path_parts[0];
$resource_name = $file_path_parts[1];
}
if ($resource_type == 'file') {
if (!preg_match("/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/", $resource_name)) {
// relative pathname to $template_dir
$resource_name = $this->template_dir.'/'.$resource_name;
// relative pathname to $file_base_path
$resource_name = $file_base_path.'/'.$resource_name;
}
}
}
@@ -884,7 +885,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
function _fetch_template_info($tpl_path, &$template_source, &$template_timestamp, $get_source=true)
{
$this->_parse_tpl_path($tpl_path, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $tpl_path, $resource_type, $resource_name);
switch ($resource_type) {
case 'file':
@@ -954,6 +955,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
$smarty_compiler->security = $this->security;
$smarty_compiler->secure_dir = $this->secure_dir;
$smarty_compiler->security_settings = $this->security_settings;
$smarty_compiler->trusted_dir = $this->trusted_dir;
if ($smarty_compiler->_compile_file($tpl_file, $template_source, $template_compiled))
return true;
@@ -983,7 +985,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
array_unshift($this->_config, $this->_config[0]);
$compile_path = $this->_get_compile_path($_smarty_include_tpl_file);
$this->_parse_tpl_path($_smarty_include_tpl_file, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $_smarty_include_tpl_file, $resource_type, $resource_name);
if ($this->security && $this->_is_trusted($resource_type, $resource_name)) {
$_smarty_trusted = true;
$this->security = false;

42
Smarty_Compiler.class.php
View File

@@ -219,6 +219,9 @@ class Smarty_Compiler extends Smarty {
case 'include':
return $this->_compile_include_tag($tag_args);
case 'include_php':
return $this->_compile_include_php_tag($tag_args);
case 'if':
return $this->_compile_if_tag($tag_args);
@@ -440,6 +443,45 @@ class Smarty_Compiler extends Smarty {
"unset(\$_smarty_tpl_vars); ?>";
}
/*======================================================================*\
Function: _compile_include_php_tag
Purpose: Compile {include ...} tag
\*======================================================================*/
function _compile_include_php_tag($tag_args)
{
$attrs = $this->_parse_attrs($tag_args);
$arg_list = array();
if (empty($attrs['file'])) {
$this->_syntax_error("missing 'file' attribute in include_php tag");
return false;
}
if($this->security) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($attrs['file']), $resource_type, $resource_name);
if( $resource_type != 'file' || !is_file( $resource_name )) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable");
return false;
}
if(!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
foreach ($attrs as $arg_name => $arg_value) {
if ($arg_name == 'file') {
$include_file = $arg_value;
continue;
}
if (is_bool($arg_value))
$arg_value = $arg_value ? 'true' : 'false';
$arg_list[] = "'$arg_name' => $arg_value";
}
return "<?php include('".$resource_name."'); ?>";
}
/*======================================================================*\
Function: _compile_section_start

28
libs/Smarty.class.php
View File

@@ -589,7 +589,7 @@ class Smarty
$_smarty_trusted = false;
if ($this->security) {
$this->_parse_tpl_path($_smarty_tpl_file, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $_smarty_tpl_file, $resource_type, $resource_name);
if ($this->_is_trusted($resource_type, $resource_name)) {
$_smarty_trusted = true;
$this->security = false;
@@ -851,26 +851,27 @@ function _is_trusted($resource_type, $resource_name)
}
/*======================================================================*\
Function: _parse_tpl_path
Function: _parse_file_path
Purpose: parse out the type and name from the template resource
\*======================================================================*/
function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
// split tpl_path by the first colon
$tpl_path_parts = explode(':', $tpl_path, 2);
function _parse_file_path($file_base_path, $file_path, &$resource_type, &$resource_name) {
if (count($tpl_path_parts) == 1) {
// split tpl_path by the first colon
$file_path_parts = explode(':', $file_path, 2);
if (count($file_path_parts) == 1) {
// no resource type, treat as type "file"
$resource_type = 'file';
$resource_name = $tpl_path_parts[0];
$resource_name = $file_path_parts[0];
} else {
$resource_type = $tpl_path_parts[0];
$resource_name = $tpl_path_parts[1];
$resource_type = $file_path_parts[0];
$resource_name = $file_path_parts[1];
}
if ($resource_type == 'file') {
if (!preg_match("/^([\/\\\\]|[a-zA-Z]:[\/\\\\])/", $resource_name)) {
// relative pathname to $template_dir
$resource_name = $this->template_dir.'/'.$resource_name;
// relative pathname to $file_base_path
$resource_name = $file_base_path.'/'.$resource_name;
}
}
}
@@ -884,7 +885,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
function _fetch_template_info($tpl_path, &$template_source, &$template_timestamp, $get_source=true)
{
$this->_parse_tpl_path($tpl_path, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $tpl_path, $resource_type, $resource_name);
switch ($resource_type) {
case 'file':
@@ -954,6 +955,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
$smarty_compiler->security = $this->security;
$smarty_compiler->secure_dir = $this->secure_dir;
$smarty_compiler->security_settings = $this->security_settings;
$smarty_compiler->trusted_dir = $this->trusted_dir;
if ($smarty_compiler->_compile_file($tpl_file, $template_source, $template_compiled))
return true;
@@ -983,7 +985,7 @@ function _parse_tpl_path($tpl_path, &$resource_type, &$resource_name) {
array_unshift($this->_config, $this->_config[0]);
$compile_path = $this->_get_compile_path($_smarty_include_tpl_file);
$this->_parse_tpl_path($_smarty_include_tpl_file, $resource_type, $resource_name);
$this->_parse_file_path($this->template_dir, $_smarty_include_tpl_file, $resource_type, $resource_name);
if ($this->security && $this->_is_trusted($resource_type, $resource_name)) {
$_smarty_trusted = true;
$this->security = false;

42
libs/Smarty_Compiler.class.php
View File

@@ -219,6 +219,9 @@ class Smarty_Compiler extends Smarty {
case 'include':
return $this->_compile_include_tag($tag_args);
case 'include_php':
return $this->_compile_include_php_tag($tag_args);
case 'if':
return $this->_compile_if_tag($tag_args);
@@ -440,6 +443,45 @@ class Smarty_Compiler extends Smarty {
"unset(\$_smarty_tpl_vars); ?>";
}
/*======================================================================*\
Function: _compile_include_php_tag
Purpose: Compile {include ...} tag
\*======================================================================*/
function _compile_include_php_tag($tag_args)
{
$attrs = $this->_parse_attrs($tag_args);
$arg_list = array();
if (empty($attrs['file'])) {
$this->_syntax_error("missing 'file' attribute in include_php tag");
return false;
}
if($this->security) {
$this->_parse_file_path($this->trusted_dir, $this->_dequote($attrs['file']), $resource_type, $resource_name);
if( $resource_type != 'file' || !is_file( $resource_name )) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not readable");
return false;
}
if(!$this->_is_trusted($resource_type, $resource_name)) {
$this->_syntax_error("include_php: $resource_type: $resource_name is not trusted");
return false;
}
}
foreach ($attrs as $arg_name => $arg_value) {
if ($arg_name == 'file') {
$include_file = $arg_value;
continue;
}
if (is_bool($arg_value))
$arg_value = $arg_value ? 'true' : 'false';
$arg_list[] = "'$arg_name' => $arg_value";
}
return "<?php include('".$resource_name."'); ?>";
}
/*======================================================================*\
Function: _compile_section_start