From 9b3ca8956ebdc61fec169c82d92c518fd6d4ca23 Mon Sep 17 00:00:00 2001 From: messju Date: Sun, 12 Oct 2003 22:19:32 +0000 Subject: [PATCH] move check for template_dir in secure_dir-array into core.is_secure.php this makes template_exists() work correctly with security=true even if template_dir is not inside the secure_dir-array --- libs/Smarty.class.php | 5 ----- libs/core/core.is_secure.php | 8 ++++++++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/libs/Smarty.class.php b/libs/Smarty.class.php index 4aee6d1d..39784998 100644 --- a/libs/Smarty.class.php +++ b/libs/Smarty.class.php @@ -1170,11 +1170,6 @@ class Smarty $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE); - if($this->security && !in_array($this->template_dir, $this->secure_dir)) { - // add template_dir to secure_dir array - array_unshift($this->secure_dir, $this->template_dir); - } - if (!$this->debugging && $this->debugging_ctrl == 'URL' && @strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) { // enable debugging from URL diff --git a/libs/core/core.is_secure.php b/libs/core/core.is_secure.php index 184e8983..877886b8 100644 --- a/libs/core/core.is_secure.php +++ b/libs/core/core.is_secure.php @@ -17,12 +17,20 @@ function smarty_core_is_secure($params, &$smarty) { + static $check_template_dir = true; + if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) { return true; } $_smarty_secure = false; if ($params['resource_type'] == 'file') { + if($check_template_dir) { + if (!in_array($smarty->template_dir, $smarty->secure_dir)) + // add template_dir to secure_dir array + array_unshift($smarty->secure_dir, $smarty->template_dir); + $check_template_dir = false; + } if (!empty($smarty->secure_dir)) { $_rp = realpath($params['resource_name']); foreach ((array)$smarty->secure_dir as $curr_dir) {