- improvement replaced most in_array() calls by more efficient isset() on array_flip()ed haystacks

- added notes on possible performance optimization/problem with Smarty_Security

libs/sysplugins/smarty_security.php

@@ -6,6 +6,15 @@
  * @subpackage Security
  * @author Uwe Tews
  */
+ 
+/*
+ * FIXME: Smarty_Security API
+ *      - getter and setter instead of public properties would allow cultivating an internal cache properly
+ *      - current implementation of isTrustedResourceDir() assumes that Smarty::$template_dir and Smarty::$config_dir are immutable
+ *        the cache is killed every time either of the variables change. That means that two distinct Smarty objects with differing
+ *        $template_dir or $config_dir should NOT share the same Smarty_Security instance, 
+ *        as this would lead to (severe) performance penalty! how should this be handled? 
+ */
 
 /**
  * This class does contain the security settings
@@ -119,6 +128,38 @@ class Smarty_Security {
      */
     public $allow_super_globals = true;
 
+    /**
+     * Cache for $resource_dir lookups
+     * @var array
+     */
+    protected $_resource_dir = null;
+    /**
+     * Cache for $template_dir lookups
+     * @var array
+     */
+    protected $_template_dir = null;
+    /**
+     * Cache for $config_dir lookups
+     * @var array
+     */
+    protected $_config_dir = null;
+    /**
+     * Cache for $secure_dir lookups
+     * @var array
+     */
+    protected $_secure_dir = null;
+    /**
+     * Cache for $php_resource_dir lookups
+     * @var array
+     */
+    protected $_php_resource_dir = null;
+    /**
+     * Cache for $trusted_dir lookups
+     * @var array
+     */
+    protected $_trusted_dir = null;
+    
+    
     /**
      * @param Smarty $smarty
      */
@@ -126,32 +167,7 @@ class Smarty_Security {
     {
         $this->smarty = $smarty;
     }
-
-    /**
-     * @var string
-     */
-    protected $_resource_dir = null;
-    /**
-     * @var string
-     */
-    protected $_template_dir = null;
-    /**
-     * @var string
-     */
-    protected $_config_dir = null;
-    /**
-     * @var string
-     */
-    protected $_secure_dir = null;
-    /**
-     * @var string
-     */
-    protected $_php_resource_dir = null;
-    /**
-     * @var string
-     */
-    protected $_trusted_dir = null;
-
+    
     /**
      * Check if PHP function is trusted.
      *