From 840b968babd58e8770db0dadd7e0f734ccb19a8b Mon Sep 17 00:00:00 2001
From: messju
Date: Thu, 18 Mar 2004 19:36:36 +0000
Subject: [PATCH] removed merging of $smarty->template_dir into $smarty->secure_dir the resource_base_path is considerd secure instead. this change should have absolutely no impact on smarty's security's behaviour
---
 libs/core/core.is_secure.php | 27 ++++++++++++++-------------
 1 file changed, 14 insertions(+), 13 deletions(-)
diff --git a/libs/core/core.is_secure.php b/libs/core/core.is_secure.php
index 5f069b53..089306a3 100644
--- a/libs/core/core.is_secure.php
+++ b/libs/core/core.is_secure.php
@@ -17,41 +17,42 @@ function smarty_core_is_secure($params, &$smarty)
  {
- static $check_template_dir = true;
-
  if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
  return true;
  }
- $_smarty_secure = false;
  if ($params['resource_type'] == 'file') {
- if($check_template_dir) {
- if (!in_array($smarty->template_dir, $smarty->secure_dir))
- // add template_dir to secure_dir array
- array_unshift($smarty->secure_dir, $smarty->template_dir);
- $check_template_dir = false;
+ $_rp = realpath($params['resource_name']);
+ if (isset($params['resource_base_path'])) {
+ foreach ((array)$params['resource_base_path'] as $curr_dir) {
+ if ( !empty($curr_dir) && is_readable ($curr_dir)) {
+ $_cd = realpath($curr_dir);
+ if (strncmp($_rp, $_cd, strlen($_cd)) == 0
+ && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
+ return true;
+ }
+ }
+ }
  }
  if (!empty($smarty->secure_dir)) {
- $_rp = realpath($params['resource_name']);
  foreach ((array)$smarty->secure_dir as $curr_dir) {
  if ( !empty($curr_dir) && is_readable ($curr_dir)) {
  $_cd = realpath($curr_dir);
  if (strncmp($_rp, $_cd, strlen($_cd)) == 0
  && $_rp{strlen($_cd)} == DIRECTORY_SEPARATOR ) {
- $_smarty_secure = true;
- break;
+ return true;
  }
  }
  }
  }
  } else {
  // resource is not on local file system
- $_smarty_secure = call_user_func_array(
+ return call_user_func_array(
  $smarty->_plugins['resource'][$params['resource_type']][0][2],
  array($params['resource_name'], &$smarty));
  }
- return $_smarty_secure;
+ return false;
  }
  /* vim: set expandtab: */
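Review bot: The new `resource_base_path` branch grants every entry the same trust as `secure_dir`, yet nothing at that spot documents who is expected to set it and the commit message only says it is "considered secure"; any caller that lets a value derived from template input reach `$params['resource_base_path']` would therefore sidestep the `secure_dir` policy. Add above the `isset` check a comment such as `// resource_base_path is trusted exactly like secure_dir: a whitelist of directories supplied by the caller from configuration (e.g. template_dir), never from resource input`. Separately, `$_rp = realpath($params['resource_name'])` is now computed before either directory list is checked and is `false` for a non-existent path; `strncmp` then simply fails to match, but an explicit `if ($_rp === false) { return false; }` right after it makes that outcome deliberate rather than incidental. Because the implicit `template_dir` whitelisting was removed, a 'file' caller that does not pass `resource_base_path` loses access to templates under `template_dir` unless it is also listed in `secure_dir` — presumably every caller passes it, but that is worth confirming against the resource-loading code. The prefix-plus-separator test is now copy-pasted for both lists; a small helper taking the resolved path and a directory list would keep the two checks from drifting apart.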