move check for template_dir in secure_dir-array into core.is_secure.php

this makes template_exists() work correctly with security=true even if
template_dir is not inside the secure_dir-array

libs/Smarty.class.php

@@ -1170,11 +1170,6 @@ class Smarty
 
         $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE);
 
-        if($this->security && !in_array($this->template_dir, $this->secure_dir)) {
-            // add template_dir to secure_dir array
-            array_unshift($this->secure_dir, $this->template_dir);
-        }
-
         if (!$this->debugging && $this->debugging_ctrl == 'URL'
                && @strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) {
             // enable debugging from URL

libs/core/core.is_secure.php

@@ -17,12 +17,20 @@
 
 function smarty_core_is_secure($params, &$smarty)
 {
+    static $check_template_dir = true;
+
     if (!$smarty->security || $smarty->security_settings['INCLUDE_ANY']) {
         return true;
     }
 
     $_smarty_secure = false;
     if ($params['resource_type'] == 'file') {
+        if($check_template_dir) {
+            if (!in_array($smarty->template_dir, $smarty->secure_dir))
+                // add template_dir to secure_dir array
+                array_unshift($smarty->secure_dir, $smarty->template_dir);
+            $check_template_dir = false;
+        }
         if (!empty($smarty->secure_dir)) {
             $_rp = realpath($params['resource_name']);
             foreach ((array)$smarty->secure_dir as $curr_dir) {