smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-04 10:24:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

move security settings to fetch function for template_dir

Browse Source
This commit is contained in:
mohrt
2003-01-20 19:03:03 +00:00
parent d9a6f036f1
commit a85d820bec
2 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
Smarty.class.php
View File

@@ -133,6 +133,7 @@ class Smarty
var $security = false; // enable template security (default false) var $security = false; // enable template security (default false)
var $secure_dir = array(); // array of directories considered secure var $secure_dir = array(); // array of directories considered secure
// ($template_dir is implicitly)
var $security_settings = array( var $security_settings = array(
'PHP_HANDLING' => false, 'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list', 'IF_FUNCS' => array('array', 'list',
@@ -212,10 +213,6 @@ class Smarty
\*======================================================================*/ \*======================================================================*/
function Smarty() function Smarty()
{ {
if($this->security) {
// add template_dir to secure_dir array
$this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
}
foreach ($this->global_assign as $key => $var_name) { foreach ($this->global_assign as $key => $var_name) {
if (is_array($var_name)) { if (is_array($var_name)) {
foreach ($var_name as $var) { foreach ($var_name as $var) {
@@ -617,10 +614,13 @@ class Smarty
function fetch($_smarty_tpl_file, $_smarty_cache_id = null, $_smarty_compile_id = null, $_smarty_display = false) function fetch($_smarty_tpl_file, $_smarty_cache_id = null, $_smarty_compile_id = null, $_smarty_display = false)
{ {
$_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE); $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE);
if($this->security && !in_array($this->template_dir, $this->secure_dir)) {
// setup debugging // add template_dir to secure_dir array
array_unshift($this->secure_dir, $this->template_dir);
}
if (!$this->debugging && $this->debugging_ctrl == 'URL' if (!$this->debugging && $this->debugging_ctrl == 'URL'
&& strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) { && strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) {
// enable debugging from URL
$this->debugging = true; $this->debugging = true;
} }

12
libs/Smarty.class.php
View File

@@ -133,6 +133,7 @@ class Smarty
var $security = false; // enable template security (default false) var $security = false; // enable template security (default false)
var $secure_dir = array(); // array of directories considered secure var $secure_dir = array(); // array of directories considered secure
// ($template_dir is implicitly)
var $security_settings = array( var $security_settings = array(
'PHP_HANDLING' => false, 'PHP_HANDLING' => false,
'IF_FUNCS' => array('array', 'list', 'IF_FUNCS' => array('array', 'list',
@@ -212,10 +213,6 @@ class Smarty
\*======================================================================*/ \*======================================================================*/
function Smarty() function Smarty()
{ {
if($this->security) {
// add template_dir to secure_dir array
$this->secure_dir = array_merge(array($this->template_dir),$this->secure_dir);
}
foreach ($this->global_assign as $key => $var_name) { foreach ($this->global_assign as $key => $var_name) {
if (is_array($var_name)) { if (is_array($var_name)) {
foreach ($var_name as $var) { foreach ($var_name as $var) {
@@ -617,10 +614,13 @@ class Smarty
function fetch($_smarty_tpl_file, $_smarty_cache_id = null, $_smarty_compile_id = null, $_smarty_display = false) function fetch($_smarty_tpl_file, $_smarty_cache_id = null, $_smarty_compile_id = null, $_smarty_display = false)
{ {
$_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE); $_smarty_old_error_level = $this->debugging ? error_reporting() : error_reporting(error_reporting() & ~E_NOTICE);
if($this->security && !in_array($this->template_dir, $this->secure_dir)) {
// setup debugging // add template_dir to secure_dir array
array_unshift($this->secure_dir, $this->template_dir);
}
if (!$this->debugging && $this->debugging_ctrl == 'URL' if (!$this->debugging && $this->debugging_ctrl == 'URL'
&& strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) { && strstr($GLOBALS['HTTP_SERVER_VARS']['QUERY_STRING'], $this->_smarty_debug_id)) {
// enable debugging from URL
$this->debugging = true; $this->debugging = true;
} }