smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2026-04-19 07:58:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

added secure_dir array for multiple secure directories

Browse Source
This commit is contained in:
mohrt
2001-06-13 20:26:03 +00:00
parent 098630af9d
commit 7ea781c510
3 changed files with 37 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Smarty.addons.php
View File

@@ -484,8 +484,17 @@ function smarty_func_fetch($args,&$smarty_obj) {
return;
}
if($smarty_obj->security && !preg_match("/^(http|ftp):\/\//",$file)) {
trigger_error("(secure mode) file must start with http:// or ftp://");
return;
// make sure fetched file comes from secure directory
foreach($smarty_obj->secure_dir as $curr_dir) {
if(substr(realpath($file),0,strlen(realpath($curr_dir))) == realpath($curr_dir)) {
$resource_is_secure = true;
break;
}
}
if(!$resource_is_secure) {
trigger_error("(secure mode) fetching '$file' is not allowed");
return;
}
}
readfile($file);
}